projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
| 4ad49000 | 2 | |
| 3dc5ca97 | 3 | #include "af-list.h" |
| b5efdb8a | 4 | #include "alloc-util.h" |
| 836e4e7e | 5 | #include "bpf-program.h" |
| 40af3d02 | 6 | #include "bus-get-properties.h" |
| 91080bc9 | 7 | #include "bus-message-util.h" |
| 718db961 | 8 | #include "cgroup.h" |
| 1cf40697 | 9 | #include "cgroup-util.h" |
| 4ad49000 | 10 | #include "dbus-cgroup.h" |
| dc7d69b3 | 11 | #include "escape.h" |
| dc7d69b3 | 12 | #include "firewall-util.h" |
| 84ebe6f0 | 13 | #include "in-addr-prefix-util.h" |
| eefc66aa | 14 | #include "limits-util.h" |
| 4ea4abb6 | 15 | #include "manager.h" |
| 2485b7e2 | 16 | #include "memstream-util.h" |
| dcf4781c | 17 | #include "parse-util.h" |
| 3ffd4af2 | 18 | #include "path-util.h" |
| 9cba32bc | 19 | #include "percent-util.h" |
| 836e4e7e | 20 | #include "set.h" |
| a59cb62c | 21 | #include "socket-util.h" |
| 836e4e7e DDM |
22 | #include "string-util.h" |
| 23 | #include "strv.h" | |
| bad578b1 | 24 | #include "varlink.h" |
| 4ad49000 | 25 | |
| 94f0b13b | 26 | BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve); |
| 6bb00842 | 27 | BUS_DEFINE_PROPERTY_GET_ENUM(bus_property_get_cgroup_pressure_watch, cgroup_pressure_watch, CGroupPressureWatch); |
| 3a0f06c4 | 28 | |
| 718db961 | 29 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_cgroup_device_policy, cgroup_device_policy, CGroupDevicePolicy); |
| 4d824a4e | 30 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_mode, managed_oom_mode, ManagedOOMMode); |
| 4e806bfa | 31 | static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_managed_oom_preference, managed_oom_preference, ManagedOOMPreference); |
| 718db961 | 32 | |
| db6986e0 YW |
33 | static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_blockio_ast, "a(st)", 0); |
| 34 | ||
| c72703e2 | 35 | static int property_get_cgroup_mask( |
| 02638280 LP |
36 | sd_bus *bus, |
| 37 | const char *path, | |
| 38 | const char *interface, | |
| 39 | const char *property, | |
| 40 | sd_bus_message *reply, | |
| 41 | void *userdata, | |
| 42 | sd_bus_error *error) { | |
| 43 | ||
| c72703e2 | 44 | CGroupMask *mask = userdata; |
| 02638280 LP |
45 | int r; |
| 46 | ||
| 47 | assert(bus); | |
| 48 | assert(reply); | |
| 02638280 LP |
49 | |
| 50 | r = sd_bus_message_open_container(reply, 'a', "s"); | |
| 51 | if (r < 0) | |
| 52 | return r; | |
| 53 | ||
| fe96c0f8 | 54 | for (CGroupController ctrl = 0; ctrl < _CGROUP_CONTROLLER_MAX; ctrl++) { |
| c72703e2 | 55 | if ((*mask & CGROUP_CONTROLLER_TO_MASK(ctrl)) == 0) |
| 02638280 LP |
56 | continue; |
| 57 | ||
| c72703e2 | 58 | r = sd_bus_message_append(reply, "s", cgroup_controller_to_string(ctrl)); |
| 02638280 LP |
59 | if (r < 0) |
| 60 | return r; | |
| 61 | } | |
| 62 | ||
| 63 | return sd_bus_message_close_container(reply); | |
| 64 | } | |
| 65 | ||
| c72703e2 CD |
66 | static int property_get_delegate_controllers( |
| 67 | sd_bus *bus, | |
| 68 | const char *path, | |
| 69 | const char *interface, | |
| 70 | const char *property, | |
| 71 | sd_bus_message *reply, | |
| 72 | void *userdata, | |
| 73 | sd_bus_error *error) { | |
| 74 | ||
| 99534007 | 75 | CGroupContext *c = ASSERT_PTR(userdata); |
| c72703e2 CD |
76 | |
| 77 | assert(bus); | |
| 78 | assert(reply); | |
| c72703e2 CD |
79 | |
| 80 | if (!c->delegate) | |
| 81 | return sd_bus_message_append(reply, "as", 0); | |
| 82 | ||
| 83 | return property_get_cgroup_mask(bus, path, interface, property, reply, &c->delegate_controllers, error); | |
| 84 | } | |
| 85 | ||
| 047f5d63 PH |
86 | static int property_get_cpuset( |
| 87 | sd_bus *bus, | |
| 88 | const char *path, | |
| 89 | const char *interface, | |
| 90 | const char *property, | |
| 91 | sd_bus_message *reply, | |
| 92 | void *userdata, | |
| 93 | sd_bus_error *error) { | |
| 94 | ||
| 99534007 | 95 | CPUSet *cpus = ASSERT_PTR(userdata); |
| 047f5d63 PH |
96 | _cleanup_free_ uint8_t *array = NULL; |
| 97 | size_t allocated; | |
| 98 | ||
| 99 | assert(bus); | |
| 100 | assert(reply); | |
| 047f5d63 PH |
101 | |
| 102 | (void) cpu_set_to_dbus(cpus, &array, &allocated); | |
| 103 | return sd_bus_message_append_array(reply, 'y', array, allocated); | |
| 104 | } | |
| 105 | ||
| 13c31542 TH |
106 | static int property_get_io_device_weight( |
| 107 | sd_bus *bus, | |
| 108 | const char *path, | |
| 109 | const char *interface, | |
| 110 | const char *property, | |
| 111 | sd_bus_message *reply, | |
| 112 | void *userdata, | |
| 113 | sd_bus_error *error) { | |
| 114 | ||
| 99534007 | 115 | CGroupContext *c = ASSERT_PTR(userdata); |
| 13c31542 TH |
116 | int r; |
| 117 | ||
| 118 | assert(bus); | |
| 119 | assert(reply); | |
| 13c31542 TH |
120 | |
| 121 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
| 122 | if (r < 0) | |
| 123 | return r; | |
| 124 | ||
| 125 | LIST_FOREACH(device_weights, w, c->io_device_weights) { | |
| 126 | r = sd_bus_message_append(reply, "(st)", w->path, w->weight); | |
| 127 | if (r < 0) | |
| 128 | return r; | |
| 129 | } | |
| 130 | ||
| 131 | return sd_bus_message_close_container(reply); | |
| 132 | } | |
| 133 | ||
| 134 | static int property_get_io_device_limits( | |
| 135 | sd_bus *bus, | |
| 136 | const char *path, | |
| 137 | const char *interface, | |
| 138 | const char *property, | |
| 139 | sd_bus_message *reply, | |
| 140 | void *userdata, | |
| 141 | sd_bus_error *error) { | |
| 142 | ||
| 99534007 | 143 | CGroupContext *c = ASSERT_PTR(userdata); |
| 13c31542 TH |
144 | int r; |
| 145 | ||
| 146 | assert(bus); | |
| 147 | assert(reply); | |
| 13c31542 TH |
148 | |
| 149 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
| 150 | if (r < 0) | |
| 151 | return r; | |
| 152 | ||
| 153 | LIST_FOREACH(device_limits, l, c->io_device_limits) { | |
| 9be57249 | 154 | CGroupIOLimitType type; |
| 13c31542 | 155 | |
| 9be57249 TH |
156 | type = cgroup_io_limit_type_from_string(property); |
| 157 | if (type < 0 || l->limits[type] == cgroup_io_limit_defaults[type]) | |
| 13c31542 TH |
158 | continue; |
| 159 | ||
| 9be57249 | 160 | r = sd_bus_message_append(reply, "(st)", l->path, l->limits[type]); |
| 13c31542 TH |
161 | if (r < 0) |
| 162 | return r; | |
| 163 | } | |
| 164 | ||
| 165 | return sd_bus_message_close_container(reply); | |
| 166 | } | |
| 167 | ||
| 6ae4283c TH |
168 | static int property_get_io_device_latency( |
| 169 | sd_bus *bus, | |
| 170 | const char *path, | |
| 171 | const char *interface, | |
| 172 | const char *property, | |
| 173 | sd_bus_message *reply, | |
| 174 | void *userdata, | |
| 175 | sd_bus_error *error) { | |
| 176 | ||
| 99534007 | 177 | CGroupContext *c = ASSERT_PTR(userdata); |
| 6ae4283c TH |
178 | int r; |
| 179 | ||
| 180 | assert(bus); | |
| 181 | assert(reply); | |
| 6ae4283c TH |
182 | |
| 183 | r = sd_bus_message_open_container(reply, 'a', "(st)"); | |
| 184 | if (r < 0) | |
| 185 | return r; | |
| 186 | ||
| 187 | LIST_FOREACH(device_latencies, l, c->io_device_latencies) { | |
| 188 | r = sd_bus_message_append(reply, "(st)", l->path, l->target_usec); | |
| 189 | if (r < 0) | |
| 190 | return r; | |
| 191 | } | |
| 192 | ||
| 193 | return sd_bus_message_close_container(reply); | |
| 194 | } | |
| 195 | ||
| 718db961 LP |
196 | static int property_get_device_allow( |
| 197 | sd_bus *bus, | |
| 198 | const char *path, | |
| 199 | const char *interface, | |
| 200 | const char *property, | |
| 201 | sd_bus_message *reply, | |
| ebcf1f97 LP |
202 | void *userdata, |
| 203 | sd_bus_error *error) { | |
| 718db961 | 204 | |
| 99534007 | 205 | CGroupContext *c = ASSERT_PTR(userdata); |
| 718db961 | 206 | int r; |
| 4ad49000 | 207 | |
| 718db961 LP |
208 | assert(bus); |
| 209 | assert(reply); | |
| 4ad49000 | 210 | |
| 718db961 LP |
211 | r = sd_bus_message_open_container(reply, 'a', "(ss)"); |
| 212 | if (r < 0) | |
| 213 | return r; | |
| 4ad49000 LP |
214 | |
| 215 | LIST_FOREACH(device_allow, a, c->device_allow) { | |
| a1044811 | 216 | r = sd_bus_message_append(reply, "(ss)", a->path, cgroup_device_permissions_to_string(a->permissions)); |
| 718db961 LP |
217 | if (r < 0) |
| 218 | return r; | |
| 4ad49000 LP |
219 | } |
| 220 | ||
| 718db961 | 221 | return sd_bus_message_close_container(reply); |
| 4ad49000 LP |
222 | } |
| 223 | ||
| 3dc5ca97 LP |
224 | static int property_get_ip_address_access( |
| 225 | sd_bus *bus, | |
| 226 | const char *path, | |
| 227 | const char *interface, | |
| 228 | const char *property, | |
| 229 | sd_bus_message *reply, | |
| 230 | void *userdata, | |
| 231 | sd_bus_error *error) { | |
| 232 | ||
| 99534007 | 233 | Set **prefixes = ASSERT_PTR(userdata); |
| 84ebe6f0 | 234 | struct in_addr_prefix *i; |
| 3dc5ca97 LP |
235 | int r; |
| 236 | ||
| 237 | r = sd_bus_message_open_container(reply, 'a', "(iayu)"); | |
| 238 | if (r < 0) | |
| 239 | return r; | |
| 240 | ||
| 84ebe6f0 | 241 | SET_FOREACH(i, *prefixes) { |
| 3dc5ca97 LP |
242 | |
| 243 | r = sd_bus_message_open_container(reply, 'r', "iayu"); | |
| 244 | if (r < 0) | |
| 245 | return r; | |
| 246 | ||
| 247 | r = sd_bus_message_append(reply, "i", i->family); | |
| 248 | if (r < 0) | |
| 249 | return r; | |
| 250 | ||
| 251 | r = sd_bus_message_append_array(reply, 'y', &i->address, FAMILY_ADDRESS_SIZE(i->family)); | |
| 252 | if (r < 0) | |
| 253 | return r; | |
| 254 | ||
| 255 | r = sd_bus_message_append(reply, "u", (uint32_t) i->prefixlen); | |
| 256 | if (r < 0) | |
| 257 | return r; | |
| 258 | ||
| 259 | r = sd_bus_message_close_container(reply); | |
| 260 | if (r < 0) | |
| 261 | return r; | |
| 262 | } | |
| 263 | ||
| 264 | return sd_bus_message_close_container(reply); | |
| 265 | } | |
| 266 | ||
| 9e009a14 JK |
267 | static int property_get_bpf_foreign_program( |
| 268 | sd_bus *bus, | |
| 269 | const char *path, | |
| 270 | const char *interface, | |
| 271 | const char *property, | |
| 272 | sd_bus_message *reply, | |
| 273 | void *userdata, | |
| 274 | sd_bus_error *error) { | |
| 275 | CGroupContext *c = userdata; | |
| 9e009a14 JK |
276 | int r; |
| 277 | ||
| 278 | r = sd_bus_message_open_container(reply, 'a', "(ss)"); | |
| 279 | if (r < 0) | |
| 280 | return r; | |
| 281 | ||
| 282 | LIST_FOREACH(programs, p, c->bpf_foreign_programs) { | |
| 283 | const char *attach_type = bpf_cgroup_attach_type_to_string(p->attach_type); | |
| 284 | ||
| 285 | r = sd_bus_message_append(reply, "(ss)", attach_type, p->bpffs_path); | |
| 286 | if (r < 0) | |
| 287 | return r; | |
| 288 | } | |
| 289 | ||
| 290 | return sd_bus_message_close_container(reply); | |
| 291 | } | |
| 292 | ||
| dcf4781c JK |
293 | static int property_get_socket_bind( |
| 294 | sd_bus *bus, | |
| 295 | const char *path, | |
| 296 | const char *interface, | |
| 297 | const char *property, | |
| 298 | sd_bus_message *reply, | |
| 299 | void *userdata, | |
| 300 | sd_bus_error *error) { | |
| 03677889 | 301 | |
| 99534007 | 302 | CGroupSocketBindItem **items = ASSERT_PTR(userdata); |
| dcf4781c JK |
303 | int r; |
| 304 | ||
| 4883a04f | 305 | r = sd_bus_message_open_container(reply, 'a', "(iiqq)"); |
| dcf4781c JK |
306 | if (r < 0) |
| 307 | return r; | |
| 308 | ||
| 309 | LIST_FOREACH(socket_bind_items, i, *items) { | |
| 4883a04f | 310 | r = sd_bus_message_append(reply, "(iiqq)", i->address_family, i->ip_protocol, i->nr_ports, i->port_min); |
| dcf4781c JK |
311 | if (r < 0) |
| 312 | return r; | |
| 313 | } | |
| 314 | ||
| 315 | return sd_bus_message_close_container(reply); | |
| 316 | } | |
| 317 | ||
| a59cb62c MV |
318 | static int property_get_restrict_network_interfaces( |
| 319 | sd_bus *bus, | |
| 320 | const char *path, | |
| 321 | const char *interface, | |
| 322 | const char *property, | |
| 323 | sd_bus_message *reply, | |
| 324 | void *userdata, | |
| 325 | sd_bus_error *error) { | |
| 9298af8d | 326 | |
| 99534007 | 327 | CGroupContext *c = ASSERT_PTR(userdata); |
| 9298af8d | 328 | int r; |
| a59cb62c MV |
329 | |
| 330 | assert(bus); | |
| 331 | assert(reply); | |
| a59cb62c MV |
332 | |
| 333 | r = sd_bus_message_open_container(reply, 'r', "bas"); | |
| 334 | if (r < 0) | |
| 335 | return r; | |
| 336 | ||
| 337 | r = sd_bus_message_append(reply, "b", c->restrict_network_interfaces_is_allow_list); | |
| 338 | if (r < 0) | |
| 339 | return r; | |
| 340 | ||
| 9298af8d | 341 | r = bus_message_append_string_set(reply, c->restrict_network_interfaces); |
| a59cb62c MV |
342 | if (r < 0) |
| 343 | return r; | |
| 344 | ||
| 345 | return sd_bus_message_close_container(reply); | |
| 346 | } | |
| 347 | ||
| dc7d69b3 TM |
348 | static int property_get_cgroup_nft_set( |
| 349 | sd_bus *bus, | |
| 350 | const char *path, | |
| 351 | const char *interface, | |
| 352 | const char *property, | |
| 353 | sd_bus_message *reply, | |
| 354 | void *userdata, | |
| 355 | sd_bus_error *error) { | |
| 356 | int r; | |
| 357 | CGroupContext *c = userdata; | |
| 358 | ||
| 359 | assert(bus); | |
| 360 | assert(reply); | |
| 361 | assert(c); | |
| 362 | ||
| 363 | r = sd_bus_message_open_container(reply, 'a', "(iiss)"); | |
| 364 | if (r < 0) | |
| 365 | return r; | |
| 366 | ||
| 367 | FOREACH_ARRAY(nft_set, c->nft_set_context.sets, c->nft_set_context.n_sets) { | |
| 368 | r = sd_bus_message_append(reply, "(iiss)", nft_set->source, nft_set->nfproto, nft_set->table, nft_set->set); | |
| 369 | if (r < 0) | |
| 370 | return r; | |
| 371 | } | |
| 372 | ||
| 373 | return sd_bus_message_close_container(reply); | |
| 374 | } | |
| 375 | ||
| 718db961 LP |
376 | const sd_bus_vtable bus_cgroup_vtable[] = { |
| 377 | SD_BUS_VTABLE_START(0), | |
| a931ad47 | 378 | SD_BUS_PROPERTY("Delegate", "b", bus_property_get_bool, offsetof(CGroupContext, delegate), 0), |
| 02638280 | 379 | SD_BUS_PROPERTY("DelegateControllers", "as", property_get_delegate_controllers, 0, 0), |
| a8b993dc | 380 | SD_BUS_PROPERTY("DelegateSubgroup", "s", NULL, offsetof(CGroupContext, delegate_subgroup), 0), |
| 66ebf6c0 TH |
381 | SD_BUS_PROPERTY("CPUWeight", "t", NULL, offsetof(CGroupContext, cpu_weight), 0), |
| 382 | SD_BUS_PROPERTY("StartupCPUWeight", "t", NULL, offsetof(CGroupContext, startup_cpu_weight), 0), | |
| ee26bcc0 | 383 | SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0), |
| 10f28641 | 384 | SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0), |
| 047f5d63 | 385 | SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0), |
| 31d3a520 | 386 | SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus), 0), |
| 047f5d63 | 387 | SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems), 0), |
| 31d3a520 | 388 | SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems), 0), |
| 13c31542 TH |
389 | SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0), |
| 390 | SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0), | |
| 391 | SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0), | |
| 392 | SD_BUS_PROPERTY("IODeviceWeight", "a(st)", property_get_io_device_weight, 0, 0), | |
| 393 | SD_BUS_PROPERTY("IOReadBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), | |
| 394 | SD_BUS_PROPERTY("IOWriteBandwidthMax", "a(st)", property_get_io_device_limits, 0, 0), | |
| ac06a0cf TH |
395 | SD_BUS_PROPERTY("IOReadIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), |
| 396 | SD_BUS_PROPERTY("IOWriteIOPSMax", "a(st)", property_get_io_device_limits, 0, 0), | |
| 6ae4283c | 397 | SD_BUS_PROPERTY("IODeviceLatencyTargetUSec", "a(st)", property_get_io_device_latency, 0, 0), |
| 610f780c | 398 | SD_BUS_PROPERTY("MemoryAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, memory_accounting), 0), |
| c52db42b | 399 | SD_BUS_PROPERTY("DefaultMemoryLow", "t", NULL, offsetof(CGroupContext, default_memory_low), 0), |
| 53fda560 | 400 | SD_BUS_PROPERTY("DefaultStartupMemoryLow", "t", NULL, offsetof(CGroupContext, default_startup_memory_low), 0), |
| 7e7223b3 | 401 | SD_BUS_PROPERTY("DefaultMemoryMin", "t", NULL, offsetof(CGroupContext, default_memory_min), 0), |
| 48422635 | 402 | SD_BUS_PROPERTY("MemoryMin", "t", NULL, offsetof(CGroupContext, memory_min), 0), |
| da4d897e | 403 | SD_BUS_PROPERTY("MemoryLow", "t", NULL, offsetof(CGroupContext, memory_low), 0), |
| 53fda560 | 404 | SD_BUS_PROPERTY("StartupMemoryLow", "t", NULL, offsetof(CGroupContext, startup_memory_low), 0), |
| da4d897e | 405 | SD_BUS_PROPERTY("MemoryHigh", "t", NULL, offsetof(CGroupContext, memory_high), 0), |
| 53fda560 | 406 | SD_BUS_PROPERTY("StartupMemoryHigh", "t", NULL, offsetof(CGroupContext, startup_memory_high), 0), |
| da4d897e | 407 | SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), |
| 53fda560 | 408 | SD_BUS_PROPERTY("StartupMemoryMax", "t", NULL, offsetof(CGroupContext, startup_memory_max), 0), |
| 96e131ea | 409 | SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), |
| 53fda560 | 410 | SD_BUS_PROPERTY("StartupMemorySwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_swap_max), 0), |
| d7fe0a67 | 411 | SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), |
| 53fda560 | 412 | SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0), |
| 1ea275f1 | 413 | SD_BUS_PROPERTY("MemoryZSwapWriteback", "b", bus_property_get_bool, offsetof(CGroupContext, memory_zswap_writeback), 0), |
| 610f780c LP |
414 | SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), |
| 415 | SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), | |
| 03a7b521 | 416 | SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), |
| 3a0f06c4 | 417 | SD_BUS_PROPERTY("TasksMax", "t", bus_property_get_tasks_max, offsetof(CGroupContext, tasks_max), 0), |
| 3dc5ca97 LP |
418 | SD_BUS_PROPERTY("IPAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, ip_accounting), 0), |
| 419 | SD_BUS_PROPERTY("IPAddressAllow", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_allow), 0), | |
| 420 | SD_BUS_PROPERTY("IPAddressDeny", "a(iayu)", property_get_ip_address_access, offsetof(CGroupContext, ip_address_deny), 0), | |
| fab34748 KL |
421 | SD_BUS_PROPERTY("IPIngressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_ingress), 0), |
| 422 | SD_BUS_PROPERTY("IPEgressFilterPath", "as", NULL, offsetof(CGroupContext, ip_filters_egress), 0), | |
| c72703e2 | 423 | SD_BUS_PROPERTY("DisableControllers", "as", property_get_cgroup_mask, offsetof(CGroupContext, disable_controllers), 0), |
| 4d824a4e AZ |
424 | SD_BUS_PROPERTY("ManagedOOMSwap", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_swap), 0), |
| 425 | SD_BUS_PROPERTY("ManagedOOMMemoryPressure", "s", property_get_managed_oom_mode, offsetof(CGroupContext, moom_mem_pressure), 0), | |
| d9d3f05d | 426 | SD_BUS_PROPERTY("ManagedOOMMemoryPressureLimit", "u", NULL, offsetof(CGroupContext, moom_mem_pressure_limit), 0), |
| 63d4c427 | 427 | SD_BUS_PROPERTY("ManagedOOMMemoryPressureDurationUSec", "t", bus_property_get_usec, offsetof(CGroupContext, moom_mem_pressure_duration_usec), 0), |
| 4e806bfa | 428 | SD_BUS_PROPERTY("ManagedOOMPreference", "s", property_get_managed_oom_preference, offsetof(CGroupContext, moom_preference), 0), |
| 9e009a14 | 429 | SD_BUS_PROPERTY("BPFProgram", "a(ss)", property_get_bpf_foreign_program, 0, 0), |
| 4883a04f JK |
430 | SD_BUS_PROPERTY("SocketBindAllow", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_allow), 0), |
| 431 | SD_BUS_PROPERTY("SocketBindDeny", "a(iiqq)", property_get_socket_bind, offsetof(CGroupContext, socket_bind_deny), 0), | |
| a59cb62c | 432 | SD_BUS_PROPERTY("RestrictNetworkInterfaces", "(bas)", property_get_restrict_network_interfaces, 0, 0), |
| 6bb00842 LP |
433 | SD_BUS_PROPERTY("MemoryPressureWatch", "s", bus_property_get_cgroup_pressure_watch, offsetof(CGroupContext, memory_pressure_watch), 0), |
| 434 | SD_BUS_PROPERTY("MemoryPressureThresholdUSec", "t", bus_property_get_usec, offsetof(CGroupContext, memory_pressure_threshold_usec), 0), | |
| dc7d69b3 | 435 | SD_BUS_PROPERTY("NFTSet", "a(iiss)", property_get_cgroup_nft_set, 0, 0), |
| 6cf96ab4 | 436 | SD_BUS_PROPERTY("CoredumpReceive", "b", bus_property_get_bool, offsetof(CGroupContext, coredump_receive), 0), |
| 29da53dd | 437 | |
| db6986e0 YW |
438 | /* deprecated cgroup v1 properties */ |
| 439 | SD_BUS_PROPERTY("MemoryLimit", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 440 | SD_BUS_PROPERTY("CPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 441 | SD_BUS_PROPERTY("StartupCPUShares", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 442 | SD_BUS_PROPERTY("BlockIOAccounting", "b", bus_property_get_bool_false, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 443 | SD_BUS_PROPERTY("BlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 444 | SD_BUS_PROPERTY("StartupBlockIOWeight", "t", bus_property_get_uint64_max, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 445 | SD_BUS_PROPERTY("BlockIODeviceWeight", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 446 | SD_BUS_PROPERTY("BlockIOReadBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 447 | SD_BUS_PROPERTY("BlockIOWriteBandwidth", "a(st)", property_get_blockio_ast, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 29da53dd MY |
448 | /* since kernel v4.15 CPU accounting requires no controller, i.e. is available everywhere */ |
| 449 | SD_BUS_PROPERTY("CPUAccounting", "b", bus_property_get_bool_true, 0, SD_BUS_VTABLE_DEPRECATED|SD_BUS_VTABLE_HIDDEN), | |
| 450 | ||
| 718db961 | 451 | SD_BUS_VTABLE_END |
| 4ad49000 | 452 | }; |
| 8e2af478 | 453 | |
| a931ad47 LP |
454 | static int bus_cgroup_set_transient_property( |
| 455 | Unit *u, | |
| 456 | CGroupContext *c, | |
| 457 | const char *name, | |
| 458 | sd_bus_message *message, | |
| 2e59b241 | 459 | UnitWriteFlags flags, |
| a931ad47 LP |
460 | sd_bus_error *error) { |
| 461 | ||
| 462 | int r; | |
| 463 | ||
| 464 | assert(u); | |
| 465 | assert(c); | |
| 466 | assert(name); | |
| 467 | assert(message); | |
| 468 | ||
| 2e59b241 LP |
469 | flags |= UNIT_PRIVATE; |
| 470 | ||
| a931ad47 LP |
471 | if (streq(name, "Delegate")) { |
| 472 | int b; | |
| 473 | ||
| 1d9cc876 | 474 | if (!UNIT_VTABLE(u)->can_delegate) |
| 1b09b81c | 475 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
| 1d9cc876 | 476 | |
| a931ad47 LP |
477 | r = sd_bus_message_read(message, "b", &b); |
| 478 | if (r < 0) | |
| 479 | return r; | |
| 480 | ||
| 2e59b241 | 481 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| a931ad47 | 482 | c->delegate = b; |
| 677e6c14 | 483 | c->delegate_controllers = b ? CGROUP_MASK_DELEGATE : 0; |
| 02638280 | 484 | |
| 2e59b241 | 485 | unit_write_settingf(u, flags, name, "Delegate=%s", yes_no(b)); |
| a931ad47 LP |
486 | } |
| 487 | ||
| 02638280 LP |
488 | return 1; |
| 489 | ||
| a8b993dc LP |
490 | } else if (streq(name, "DelegateSubgroup")) { |
| 491 | const char *s; | |
| 492 | ||
| 493 | if (!UNIT_VTABLE(u)->can_delegate) | |
| 494 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); | |
| 495 | ||
| 496 | r = sd_bus_message_read(message, "s", &s); | |
| 497 | if (r < 0) | |
| 498 | return r; | |
| 499 | ||
| 500 | if (!isempty(s) && cg_needs_escape(s)) | |
| 501 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid control group name: %s", s); | |
| 502 | ||
| 503 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 504 | if (isempty(s)) | |
| 505 | c->delegate_subgroup = mfree(c->delegate_subgroup); | |
| 506 | else { | |
| 507 | r = free_and_strdup_warn(&c->delegate_subgroup, s); | |
| 508 | if (r < 0) | |
| 509 | return r; | |
| 510 | } | |
| 511 | ||
| 512 | unit_write_settingf(u, flags, name, "DelegateSubgroup=%s", s); | |
| 513 | } | |
| 514 | ||
| 515 | return 1; | |
| 516 | ||
| 25cc30c4 | 517 | } else if (STR_IN_SET(name, "DelegateControllers", "DisableControllers")) { |
| 02638280 LP |
518 | CGroupMask mask = 0; |
| 519 | ||
| 25cc30c4 | 520 | if (streq(name, "DelegateControllers") && !UNIT_VTABLE(u)->can_delegate) |
| 1b09b81c | 521 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); |
| 1d9cc876 | 522 | |
| 02638280 LP |
523 | r = sd_bus_message_enter_container(message, 'a', "s"); |
| 524 | if (r < 0) | |
| 525 | return r; | |
| 526 | ||
| 527 | for (;;) { | |
| 528 | CGroupController cc; | |
| 529 | const char *t; | |
| 530 | ||
| 531 | r = sd_bus_message_read(message, "s", &t); | |
| 532 | if (r < 0) | |
| 533 | return r; | |
| 534 | if (r == 0) | |
| 535 | break; | |
| 536 | ||
| 537 | cc = cgroup_controller_from_string(t); | |
| 538 | if (cc < 0) | |
| ef42f561 | 539 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown cgroup controller '%s'", t); |
| 02638280 LP |
540 | |
| 541 | mask |= CGROUP_CONTROLLER_TO_MASK(cc); | |
| 542 | } | |
| 543 | ||
| 544 | r = sd_bus_message_exit_container(message); | |
| 545 | if (r < 0) | |
| 546 | return r; | |
| 547 | ||
| 2e59b241 | 548 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 02638280 LP |
549 | _cleanup_free_ char *t = NULL; |
| 550 | ||
| 551 | r = cg_mask_to_string(mask, &t); | |
| 552 | if (r < 0) | |
| 553 | return r; | |
| 554 | ||
| 25cc30c4 AZ |
555 | if (streq(name, "DelegateControllers")) { |
| 556 | ||
| 557 | c->delegate = true; | |
| 558 | if (mask == 0) | |
| 559 | c->delegate_controllers = 0; | |
| 560 | else | |
| 561 | c->delegate_controllers |= mask; | |
| 562 | ||
| 563 | unit_write_settingf(u, flags, name, "Delegate=%s", strempty(t)); | |
| 02638280 | 564 | |
| 25cc30c4 AZ |
565 | } else if (streq(name, "DisableControllers")) { |
| 566 | ||
| 567 | if (mask == 0) | |
| 568 | c->disable_controllers = 0; | |
| 569 | else | |
| 570 | c->disable_controllers |= mask; | |
| 571 | ||
| 572 | unit_write_settingf(u, flags, name, "%s=%s", name, strempty(t)); | |
| 573 | } | |
| 02638280 LP |
574 | } |
| 575 | ||
| fab34748 KL |
576 | return 1; |
| 577 | } else if (STR_IN_SET(name, "IPIngressFilterPath", "IPEgressFilterPath")) { | |
| 578 | char ***filters; | |
| 579 | size_t n = 0; | |
| 580 | ||
| 581 | filters = streq(name, "IPIngressFilterPath") ? &c->ip_filters_ingress : &c->ip_filters_egress; | |
| 582 | r = sd_bus_message_enter_container(message, 'a', "s"); | |
| 583 | if (r < 0) | |
| 584 | return r; | |
| 585 | ||
| 586 | for (;;) { | |
| 587 | const char *path; | |
| 588 | ||
| 589 | r = sd_bus_message_read(message, "s", &path); | |
| 590 | if (r < 0) | |
| 591 | return r; | |
| 592 | if (r == 0) | |
| 593 | break; | |
| 594 | ||
| 595 | if (!path_is_normalized(path) || !path_is_absolute(path)) | |
| 596 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects a normalized absolute path.", name); | |
| 597 | ||
| 598 | if (!UNIT_WRITE_FLAGS_NOOP(flags) && !strv_contains(*filters, path)) { | |
| 599 | r = strv_extend(filters, path); | |
| 600 | if (r < 0) | |
| 601 | return log_oom(); | |
| 602 | } | |
| 603 | n++; | |
| 604 | } | |
| 605 | r = sd_bus_message_exit_container(message); | |
| 606 | if (r < 0) | |
| 607 | return r; | |
| 608 | ||
| 609 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 2485b7e2 | 610 | _cleanup_(memstream_done) MemStream m = {}; |
| fab34748 | 611 | _cleanup_free_ char *buf = NULL; |
| 2485b7e2 | 612 | FILE *f; |
| fab34748 KL |
613 | |
| 614 | if (n == 0) | |
| 615 | *filters = strv_free(*filters); | |
| 616 | ||
| 617 | unit_invalidate_cgroup_bpf(u); | |
| 2485b7e2 YW |
618 | |
| 619 | f = memstream_init(&m); | |
| fab34748 KL |
620 | if (!f) |
| 621 | return -ENOMEM; | |
| 622 | ||
| 623 | fputs(name, f); | |
| 624 | fputs("=\n", f); | |
| 625 | ||
| 626 | STRV_FOREACH(entry, *filters) | |
| 627 | fprintf(f, "%s=%s\n", name, *entry); | |
| 628 | ||
| 2485b7e2 | 629 | r = memstream_finalize(&m, &buf, NULL); |
| fab34748 KL |
630 | if (r < 0) |
| 631 | return r; | |
| 632 | ||
| 633 | unit_write_setting(u, flags, name, buf); | |
| 634 | ||
| ec3c5cfa YW |
635 | if (*filters && bpf_program_supported() <= 0) { |
| 636 | static bool warned = false; | |
| 637 | ||
| 638 | log_full(warned ? LOG_DEBUG : LOG_WARNING, | |
| 639 | "Transient unit %s configures an IP firewall with BPF, but the local system does not support BPF/cgroup firewalling with multiple filters.\n" | |
| 640 | "Starting this unit will fail! (This warning is only shown for the first started transient unit using IP firewalling.)", u->id); | |
| 641 | warned = true; | |
| fab34748 KL |
642 | } |
| 643 | } | |
| 644 | ||
| 9e009a14 JK |
645 | return 1; |
| 646 | } else if (streq(name, "BPFProgram")) { | |
| 647 | const char *a, *p; | |
| 648 | size_t n = 0; | |
| 649 | ||
| 650 | r = sd_bus_message_enter_container(message, 'a', "(ss)"); | |
| 651 | if (r < 0) | |
| 652 | return r; | |
| 653 | ||
| 654 | while ((r = sd_bus_message_read(message, "(ss)", &a, &p)) > 0) { | |
| 655 | int attach_type = bpf_cgroup_attach_type_from_string(a); | |
| 656 | if (attach_type < 0) | |
| 657 | return sd_bus_error_setf( | |
| 658 | error, | |
| 659 | SD_BUS_ERROR_INVALID_ARGS, | |
| 660 | "%s expects a valid BPF attach type, got '%s'.", | |
| 661 | name, a); | |
| 662 | ||
| 663 | if (!path_is_normalized(p) || !path_is_absolute(p)) | |
| 664 | return sd_bus_error_setf( | |
| 665 | error, | |
| 666 | SD_BUS_ERROR_INVALID_ARGS, | |
| 667 | "%s= expects a normalized absolute path.", | |
| 668 | name); | |
| 669 | ||
| 670 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| c6f2dca6 | 671 | r = cgroup_context_add_bpf_foreign_program(c, attach_type, p); |
| 9e009a14 JK |
672 | if (r < 0) |
| 673 | return r; | |
| 674 | } | |
| 675 | n++; | |
| 676 | } | |
| 677 | if (r < 0) | |
| 678 | return r; | |
| 679 | ||
| 680 | r = sd_bus_message_exit_container(message); | |
| 681 | if (r < 0) | |
| 682 | return r; | |
| 683 | ||
| 684 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 2485b7e2 | 685 | _cleanup_(memstream_done) MemStream m = {}; |
| 9e009a14 | 686 | _cleanup_free_ char *buf = NULL; |
| 2485b7e2 | 687 | FILE *f; |
| 9e009a14 JK |
688 | |
| 689 | if (n == 0) | |
| 690 | while (c->bpf_foreign_programs) | |
| 691 | cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs); | |
| 692 | ||
| 2485b7e2 | 693 | f = memstream_init(&m); |
| 9e009a14 JK |
694 | if (!f) |
| 695 | return -ENOMEM; | |
| 696 | ||
| 697 | fputs(name, f); | |
| 698 | fputs("=\n", f); | |
| 699 | ||
| 700 | LIST_FOREACH(programs, fp, c->bpf_foreign_programs) | |
| 701 | fprintf(f, "%s=%s:%s\n", name, | |
| 702 | bpf_cgroup_attach_type_to_string(fp->attach_type), | |
| 703 | fp->bpffs_path); | |
| 704 | ||
| 2485b7e2 | 705 | r = memstream_finalize(&m, &buf, NULL); |
| 9e009a14 JK |
706 | if (r < 0) |
| 707 | return r; | |
| 708 | ||
| 709 | unit_write_setting(u, flags, name, buf); | |
| 9e009a14 JK |
710 | } |
| 711 | ||
| 6bb00842 LP |
712 | return 1; |
| 713 | ||
| 714 | } else if (streq(name, "MemoryPressureWatch")) { | |
| 715 | CGroupPressureWatch p; | |
| 716 | const char *t; | |
| 717 | ||
| 718 | r = sd_bus_message_read(message, "s", &t); | |
| 719 | if (r < 0) | |
| 720 | return r; | |
| 721 | ||
| 722 | if (isempty(t)) | |
| 723 | p = _CGROUP_PRESSURE_WATCH_INVALID; | |
| 724 | else { | |
| 725 | p = cgroup_pressure_watch_from_string(t); | |
| 726 | if (p < 0) | |
| 727 | return p; | |
| 728 | } | |
| 729 | ||
| 730 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 731 | c->memory_pressure_watch = p; | |
| 732 | unit_write_settingf(u, flags, name, "MemoryPressureWatch=%s", strempty(cgroup_pressure_watch_to_string(p))); | |
| 733 | } | |
| 734 | ||
| 735 | return 1; | |
| 736 | ||
| 737 | } else if (streq(name, "MemoryPressureThresholdUSec")) { | |
| 738 | uint64_t t; | |
| 739 | ||
| 740 | r = sd_bus_message_read(message, "t", &t); | |
| 741 | if (r < 0) | |
| 742 | return r; | |
| 743 | ||
| 744 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 745 | c->memory_pressure_threshold_usec = t; | |
| 746 | ||
| 747 | if (t == UINT64_MAX) | |
| 748 | unit_write_setting(u, flags, name, "MemoryPressureThresholdUSec="); | |
| 749 | else | |
| 750 | unit_write_settingf(u, flags, name, "MemoryPressureThresholdUSec=%" PRIu64, t); | |
| 751 | } | |
| 752 | ||
| 6cf96ab4 NR |
753 | return 1; |
| 754 | } else if (streq(name, "CoredumpReceive")) { | |
| 755 | int b; | |
| 756 | ||
| 757 | if (!UNIT_VTABLE(u)->can_delegate) | |
| 758 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Delegation not available for unit type"); | |
| 759 | ||
| 760 | r = sd_bus_message_read(message, "b", &b); | |
| 761 | if (r < 0) | |
| 762 | return r; | |
| 763 | ||
| 764 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 765 | c->coredump_receive = b; | |
| 766 | ||
| 767 | unit_write_settingf(u, flags, name, "CoredumpReceive=%s", yes_no(b)); | |
| 768 | } | |
| 769 | ||
| a931ad47 LP |
770 | return 1; |
| 771 | } | |
| 772 | ||
| 773 | return 0; | |
| 774 | } | |
| 775 | ||
| 681ae88e YW |
776 | static int bus_cgroup_set_boolean( |
| 777 | Unit *u, | |
| 778 | const char *name, | |
| 779 | bool *p, | |
| 780 | CGroupMask mask, | |
| 781 | sd_bus_message *message, | |
| 782 | UnitWriteFlags flags, | |
| 783 | sd_bus_error *error) { | |
| 784 | ||
| 785 | int b, r; | |
| 786 | ||
| 787 | assert(p); | |
| 788 | ||
| 789 | r = sd_bus_message_read(message, "b", &b); | |
| 790 | if (r < 0) | |
| 791 | return r; | |
| 792 | ||
| 793 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 794 | *p = b; | |
| 795 | unit_invalidate_cgroup(u, mask); | |
| 796 | unit_write_settingf(u, flags, name, "%s=%s", name, yes_no(b)); | |
| 797 | } | |
| 798 | ||
| 799 | return 1; | |
| 800 | } | |
| 801 | ||
| 906bdbf5 YW |
802 | #define BUS_DEFINE_SET_CGROUP_WEIGHT(function, mask, check, val) \ |
| 803 | static int bus_cgroup_set_##function( \ | |
| 804 | Unit *u, \ | |
| 805 | const char *name, \ | |
| 806 | uint64_t *p, \ | |
| 807 | sd_bus_message *message, \ | |
| 808 | UnitWriteFlags flags, \ | |
| 809 | sd_bus_error *error) { \ | |
| 810 | \ | |
| 811 | uint64_t v; \ | |
| 812 | int r; \ | |
| 813 | \ | |
| 814 | assert(p); \ | |
| 815 | \ | |
| 816 | r = sd_bus_message_read(message, "t", &v); \ | |
| 817 | if (r < 0) \ | |
| 818 | return r; \ | |
| 819 | \ | |
| 820 | if (!check(v)) \ | |
| 821 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ | |
| 822 | "Value specified in %s is out of range", name); \ | |
| 823 | \ | |
| 824 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ | |
| 825 | *p = v; \ | |
| 1454ab40 | 826 | unit_invalidate_cgroup(u, mask); \ |
| 906bdbf5 YW |
827 | \ |
| 828 | if (v == (val)) \ | |
| 829 | unit_write_settingf(u, flags, name, \ | |
| 830 | "%s=", name); \ | |
| 831 | else \ | |
| 832 | unit_write_settingf(u, flags, name, \ | |
| 833 | "%s=%" PRIu64, name, v); \ | |
| 834 | } \ | |
| 835 | \ | |
| 836 | return 1; \ | |
| 837 | } | |
| 838 | ||
| 839 | #define BUS_DEFINE_SET_CGROUP_LIMIT(function, mask, scale, minimum) \ | |
| 840 | static int bus_cgroup_set_##function( \ | |
| 841 | Unit *u, \ | |
| 842 | const char *name, \ | |
| 843 | uint64_t *p, \ | |
| 844 | sd_bus_message *message, \ | |
| 845 | UnitWriteFlags flags, \ | |
| 846 | sd_bus_error *error) { \ | |
| 847 | \ | |
| 848 | uint64_t v; \ | |
| 849 | int r; \ | |
| 850 | \ | |
| 851 | assert(p); \ | |
| 852 | \ | |
| 853 | r = sd_bus_message_read(message, "t", &v); \ | |
| 854 | if (r < 0) \ | |
| 855 | return r; \ | |
| 856 | \ | |
| 857 | if (v < minimum) \ | |
| 858 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ | |
| 859 | "Value specified in %s is out of range", name); \ | |
| 860 | \ | |
| 861 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ | |
| 862 | *p = v; \ | |
| 1454ab40 | 863 | unit_invalidate_cgroup(u, mask); \ |
| 906bdbf5 YW |
864 | \ |
| 865 | if (v == CGROUP_LIMIT_MAX) \ | |
| 866 | unit_write_settingf(u, flags, name, \ | |
| 867 | "%s=infinity", name); \ | |
| 868 | else \ | |
| 869 | unit_write_settingf(u, flags, name, \ | |
| 870 | "%s=%" PRIu64, name, v); \ | |
| 871 | } \ | |
| 872 | \ | |
| 873 | return 1; \ | |
| 874 | } \ | |
| 875 | static int bus_cgroup_set_##function##_scale( \ | |
| 876 | Unit *u, \ | |
| 877 | const char *name, \ | |
| 878 | uint64_t *p, \ | |
| 879 | sd_bus_message *message, \ | |
| 880 | UnitWriteFlags flags, \ | |
| 881 | sd_bus_error *error) { \ | |
| 882 | \ | |
| 883 | uint64_t v; \ | |
| 884 | uint32_t raw; \ | |
| 885 | int r; \ | |
| 886 | \ | |
| 887 | assert(p); \ | |
| 888 | \ | |
| 889 | r = sd_bus_message_read(message, "u", &raw); \ | |
| 890 | if (r < 0) \ | |
| 891 | return r; \ | |
| 892 | \ | |
| 893 | v = scale(raw, UINT32_MAX); \ | |
| 894 | if (v < minimum || v >= UINT64_MAX) \ | |
| 895 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, \ | |
| 896 | "Value specified in %s is out of range", name); \ | |
| 897 | \ | |
| 898 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \ | |
| 906bdbf5 | 899 | *p = v; \ |
| 1454ab40 | 900 | unit_invalidate_cgroup(u, mask); \ |
| 906bdbf5 | 901 | \ |
| e617e2cc ZJS |
902 | /* Prepare to chop off suffix */ \ |
| 903 | assert_se(endswith(name, "Scale")); \ | |
| 906bdbf5 | 904 | \ |
| 9cba32bc | 905 | int scaled = UINT32_SCALE_TO_PERMYRIAD(raw); \ |
| 1ead0b2a | 906 | unit_write_settingf(u, flags, name, "%.*s=" PERMYRIAD_AS_PERCENT_FORMAT_STR, \ |
| e617e2cc | 907 | (int)(strlen(name) - strlen("Scale")), name, \ |
| 1ead0b2a | 908 | PERMYRIAD_AS_PERCENT_FORMAT_VAL(scaled)); \ |
| 906bdbf5 YW |
909 | } \ |
| 910 | \ | |
| 911 | return 1; \ | |
| 912 | } | |
| 913 | ||
| 6028d766 | 914 | DISABLE_WARNING_TYPE_LIMITS; |
| 906bdbf5 | 915 | BUS_DEFINE_SET_CGROUP_WEIGHT(io_weight, CGROUP_MASK_IO, CGROUP_WEIGHT_IS_OK, CGROUP_WEIGHT_INVALID); |
| 906bdbf5 | 916 | BUS_DEFINE_SET_CGROUP_LIMIT(memory, CGROUP_MASK_MEMORY, physical_memory_scale, 1); |
| 311a0e2e | 917 | BUS_DEFINE_SET_CGROUP_LIMIT(memory_protection, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
| 906bdbf5 | 918 | BUS_DEFINE_SET_CGROUP_LIMIT(swap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
| d7fe0a67 | 919 | BUS_DEFINE_SET_CGROUP_LIMIT(zswap, CGROUP_MASK_MEMORY, physical_memory_scale, 0); |
| 6028d766 | 920 | REENABLE_WARNING; |
| 681ae88e | 921 | |
| c8340822 | 922 | static int bus_cgroup_set_cpu_weight( |
| 923 | Unit *u, | |
| 924 | const char *name, | |
| 925 | uint64_t *p, | |
| 926 | sd_bus_message *message, | |
| 927 | UnitWriteFlags flags, | |
| 928 | sd_bus_error *error) { | |
| 929 | uint64_t v; | |
| 930 | int r; | |
| 931 | assert(p); | |
| 932 | r = sd_bus_message_read(message, "t", &v); | |
| 933 | if (r < 0) | |
| 934 | return r; | |
| 935 | if (!CGROUP_WEIGHT_IS_OK(v) && v != CGROUP_WEIGHT_IDLE) | |
| 936 | return sd_bus_error_setf( | |
| 937 | error, SD_BUS_ERROR_INVALID_ARGS, "Value specified in %s is out of range", name); | |
| 938 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 939 | *p = v; | |
| 940 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); | |
| 941 | if (v == CGROUP_WEIGHT_INVALID) | |
| 942 | unit_write_settingf(u, flags, name, "%s=", name); | |
| 943 | else if (v == CGROUP_WEIGHT_IDLE) | |
| 944 | unit_write_settingf(u, flags, name, "%s=idle", name); | |
| 945 | else | |
| 946 | unit_write_settingf(u, flags, name, "%s=%" PRIu64, name, v); | |
| 947 | } | |
| 948 | return 1; | |
| 949 | } | |
| 950 | ||
| 3a0f06c4 ZJS |
951 | static int bus_cgroup_set_tasks_max( |
| 952 | Unit *u, | |
| 953 | const char *name, | |
| 94f0b13b | 954 | CGroupTasksMax *p, |
| 3a0f06c4 ZJS |
955 | sd_bus_message *message, |
| 956 | UnitWriteFlags flags, | |
| 957 | sd_bus_error *error) { | |
| 958 | ||
| 959 | uint64_t v; | |
| 960 | int r; | |
| 961 | ||
| 962 | assert(p); | |
| 963 | ||
| 964 | r = sd_bus_message_read(message, "t", &v); | |
| 965 | if (r < 0) | |
| 966 | return r; | |
| 967 | ||
| 968 | if (v < 1) | |
| 969 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, | |
| 970 | "Value specified in %s is out of range", name); | |
| 971 | ||
| 972 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 94f0b13b | 973 | *p = (CGroupTasksMax) { .value = v, .scale = 0 }; /* When .scale==0, .value is the absolute value */ |
| 3a0f06c4 ZJS |
974 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); |
| 975 | ||
| 976 | if (v == CGROUP_LIMIT_MAX) | |
| 977 | unit_write_settingf(u, flags, name, | |
| 978 | "%s=infinity", name); | |
| 979 | else | |
| 980 | unit_write_settingf(u, flags, name, | |
| 981 | "%s=%" PRIu64, name, v); | |
| 982 | } | |
| 983 | ||
| 984 | return 1; | |
| 985 | } | |
| 986 | ||
| 987 | static int bus_cgroup_set_tasks_max_scale( | |
| 988 | Unit *u, | |
| 989 | const char *name, | |
| 94f0b13b | 990 | CGroupTasksMax *p, |
| 3a0f06c4 ZJS |
991 | sd_bus_message *message, |
| 992 | UnitWriteFlags flags, | |
| 993 | sd_bus_error *error) { | |
| 994 | ||
| 995 | uint32_t v; | |
| 996 | int r; | |
| 997 | ||
| 998 | assert(p); | |
| 999 | ||
| 1000 | r = sd_bus_message_read(message, "u", &v); | |
| 1001 | if (r < 0) | |
| 1002 | return r; | |
| 1003 | ||
| 1004 | if (v < 1 || v >= UINT32_MAX) | |
| 1005 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, | |
| 1006 | "Value specified in %s is out of range", name); | |
| 1007 | ||
| 1008 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 94f0b13b | 1009 | *p = (CGroupTasksMax) { v, UINT32_MAX }; /* .scale is not 0, so this is interpreted as v/UINT32_MAX. */ |
| 3a0f06c4 ZJS |
1010 | unit_invalidate_cgroup(u, CGROUP_MASK_PIDS); |
| 1011 | ||
| 0877d4e0 ZJS |
1012 | uint32_t scaled = DIV_ROUND_UP((uint64_t) v * 100U, (uint64_t) UINT32_MAX); |
| 1013 | unit_write_settingf(u, flags, name, "%s=%" PRIu32 ".%" PRIu32 "%%", "TasksMax", | |
| 1014 | scaled / 10, scaled % 10); | |
| 3a0f06c4 ZJS |
1015 | } |
| 1016 | ||
| 1017 | return 1; | |
| 1018 | } | |
| 1019 | ||
| 8e2af478 LP |
1020 | int bus_cgroup_set_property( |
| 1021 | Unit *u, | |
| 1022 | CGroupContext *c, | |
| 1023 | const char *name, | |
| 718db961 | 1024 | sd_bus_message *message, |
| 2e59b241 | 1025 | UnitWriteFlags flags, |
| 718db961 LP |
1026 | sd_bus_error *error) { |
| 1027 | ||
| 9be57249 | 1028 | CGroupIOLimitType iol_type; |
| 718db961 | 1029 | int r; |
| 8e2af478 | 1030 | |
| 8e2af478 LP |
1031 | assert(u); |
| 1032 | assert(c); | |
| 718db961 LP |
1033 | assert(name); |
| 1034 | assert(message); | |
| 8e2af478 | 1035 | |
| 2e59b241 LP |
1036 | flags |= UNIT_PRIVATE; |
| 1037 | ||
| 681ae88e YW |
1038 | if (streq(name, "CPUWeight")) |
| 1039 | return bus_cgroup_set_cpu_weight(u, name, &c->cpu_weight, message, flags, error); | |
| 8e2af478 | 1040 | |
| 681ae88e YW |
1041 | if (streq(name, "StartupCPUWeight")) |
| 1042 | return bus_cgroup_set_cpu_weight(u, name, &c->startup_cpu_weight, message, flags, error); | |
| b42defe3 | 1043 | |
| 681ae88e YW |
1044 | if (streq(name, "IOAccounting")) |
| 1045 | return bus_cgroup_set_boolean(u, name, &c->io_accounting, CGROUP_MASK_IO, message, flags, error); | |
| 66ebf6c0 | 1046 | |
| 681ae88e YW |
1047 | if (streq(name, "IOWeight")) |
| 1048 | return bus_cgroup_set_io_weight(u, name, &c->io_weight, message, flags, error); | |
| 66ebf6c0 | 1049 | |
| 681ae88e YW |
1050 | if (streq(name, "StartupIOWeight")) |
| 1051 | return bus_cgroup_set_io_weight(u, name, &c->startup_io_weight, message, flags, error); | |
| 66ebf6c0 | 1052 | |
| 681ae88e YW |
1053 | if (streq(name, "MemoryAccounting")) |
| 1054 | return bus_cgroup_set_boolean(u, name, &c->memory_accounting, CGROUP_MASK_MEMORY, message, flags, error); | |
| b42defe3 | 1055 | |
| 311a0e2e ZJS |
1056 | if (streq(name, "MemoryMin")) { |
| 1057 | r = bus_cgroup_set_memory_protection(u, name, &c->memory_min, message, flags, error); | |
| 1058 | if (r > 0) | |
| 1059 | c->memory_min_set = true; | |
| 1060 | return r; | |
| 1061 | } | |
| 48422635 | 1062 | |
| 311a0e2e ZJS |
1063 | if (streq(name, "MemoryLow")) { |
| 1064 | r = bus_cgroup_set_memory_protection(u, name, &c->memory_low, message, flags, error); | |
| 1065 | if (r > 0) | |
| 1066 | c->memory_low_set = true; | |
| 1067 | return r; | |
| 1068 | } | |
| b42defe3 | 1069 | |
| 53fda560 LB |
1070 | if (streq(name, "StartupMemoryLow")) { |
| 1071 | r = bus_cgroup_set_memory_protection(u, name, &c->startup_memory_low, message, flags, error); | |
| 1072 | if (r > 0) | |
| 1073 | c->startup_memory_low_set = true; | |
| 1074 | return r; | |
| 1075 | } | |
| 1076 | ||
| 311a0e2e ZJS |
1077 | if (streq(name, "DefaultMemoryMin")) { |
| 1078 | r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_min, message, flags, error); | |
| 1079 | if (r > 0) | |
| 1080 | c->default_memory_min_set = true; | |
| 1081 | return r; | |
| 1082 | } | |
| 7ad5439e | 1083 | |
| 311a0e2e ZJS |
1084 | if (streq(name, "DefaultMemoryLow")) { |
| 1085 | r = bus_cgroup_set_memory_protection(u, name, &c->default_memory_low, message, flags, error); | |
| 1086 | if (r > 0) | |
| 1087 | c->default_memory_low_set = true; | |
| 1088 | return r; | |
| 1089 | } | |
| c52db42b | 1090 | |
| 53fda560 LB |
1091 | if (streq(name, "DefaultStartupMemoryLow")) { |
| 1092 | r = bus_cgroup_set_memory_protection(u, name, &c->default_startup_memory_low, message, flags, error); | |
| 1093 | if (r > 0) | |
| 1094 | c->default_startup_memory_low_set = true; | |
| 1095 | return r; | |
| 1096 | } | |
| 1097 | ||
| 681ae88e YW |
1098 | if (streq(name, "MemoryHigh")) |
| 1099 | return bus_cgroup_set_memory(u, name, &c->memory_high, message, flags, error); | |
| b42defe3 | 1100 | |
| 53fda560 LB |
1101 | if (streq(name, "StartupMemoryHigh")) { |
| 1102 | r = bus_cgroup_set_memory(u, name, &c->startup_memory_high, message, flags, error); | |
| 1103 | if (r > 0) | |
| 1104 | c->startup_memory_high_set = true; | |
| 1105 | return r; | |
| 1106 | } | |
| 1107 | ||
| 681ae88e | 1108 | if (streq(name, "MemorySwapMax")) |
| 906bdbf5 | 1109 | return bus_cgroup_set_swap(u, name, &c->memory_swap_max, message, flags, error); |
| 95ae05c0 | 1110 | |
| 53fda560 LB |
1111 | if (streq(name, "StartupMemorySwapMax")) { |
| 1112 | r = bus_cgroup_set_swap(u, name, &c->startup_memory_swap_max, message, flags, error); | |
| 1113 | if (r > 0) | |
| 1114 | c->startup_memory_swap_max_set = true; | |
| 1115 | return r; | |
| 1116 | } | |
| 1117 | ||
| d7fe0a67 PV |
1118 | if (streq(name, "MemoryZSwapMax")) |
| 1119 | return bus_cgroup_set_zswap(u, name, &c->memory_zswap_max, message, flags, error); | |
| 1120 | ||
| 53fda560 LB |
1121 | if (streq(name, "StartupMemoryZSwapMax")) { |
| 1122 | r = bus_cgroup_set_zswap(u, name, &c->startup_memory_zswap_max, message, flags, error); | |
| 1123 | if (r > 0) | |
| 1124 | c->startup_memory_zswap_max_set = true; | |
| 1125 | return r; | |
| 1126 | } | |
| 1127 | ||
| 681ae88e YW |
1128 | if (streq(name, "MemoryMax")) |
| 1129 | return bus_cgroup_set_memory(u, name, &c->memory_max, message, flags, error); | |
| d53d9474 | 1130 | |
| 53fda560 LB |
1131 | if (streq(name, "StartupMemoryMax")) { |
| 1132 | r = bus_cgroup_set_memory(u, name, &c->startup_memory_max, message, flags, error); | |
| 1133 | if (r > 0) | |
| 1134 | c->startup_memory_max_set = true; | |
| 1135 | return r; | |
| 1136 | } | |
| 1137 | ||
| 311a0e2e ZJS |
1138 | if (streq(name, "MemoryMinScale")) { |
| 1139 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); | |
| 1140 | if (r > 0) | |
| 1141 | c->memory_min_set = true; | |
| 1142 | return r; | |
| 1143 | } | |
| 48422635 | 1144 | |
| 311a0e2e ZJS |
1145 | if (streq(name, "MemoryLowScale")) { |
| 1146 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_low, message, flags, error); | |
| 1147 | if (r > 0) | |
| 1148 | c->memory_low_set = true; | |
| 1149 | return r; | |
| 1150 | } | |
| c52db42b | 1151 | |
| 311a0e2e ZJS |
1152 | if (streq(name, "DefaultMemoryMinScale")) { |
| 1153 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_min, message, flags, error); | |
| 1154 | if (r > 0) | |
| 1155 | c->default_memory_min_set = true; | |
| 1156 | return r; | |
| 1157 | } | |
| 7ad5439e | 1158 | |
| 311a0e2e ZJS |
1159 | if (streq(name, "DefaultMemoryLowScale")) { |
| 1160 | r = bus_cgroup_set_memory_protection_scale(u, name, &c->default_memory_low, message, flags, error); | |
| 1161 | if (r > 0) | |
| 1162 | c->default_memory_low_set = true; | |
| 1163 | return r; | |
| 1164 | } | |
| 681ae88e YW |
1165 | |
| 1166 | if (streq(name, "MemoryHighScale")) | |
| 1167 | return bus_cgroup_set_memory_scale(u, name, &c->memory_high, message, flags, error); | |
| 1168 | ||
| 1169 | if (streq(name, "MemorySwapMaxScale")) | |
| 906bdbf5 | 1170 | return bus_cgroup_set_swap_scale(u, name, &c->memory_swap_max, message, flags, error); |
| 681ae88e | 1171 | |
| d7fe0a67 PV |
1172 | if (streq(name, "MemoryZSwapMaxScale")) |
| 1173 | return bus_cgroup_set_zswap_scale(u, name, &c->memory_zswap_max, message, flags, error); | |
| 1174 | ||
| 681ae88e YW |
1175 | if (streq(name, "MemoryMaxScale")) |
| 1176 | return bus_cgroup_set_memory_scale(u, name, &c->memory_max, message, flags, error); | |
| 95ae05c0 | 1177 | |
| 1ea275f1 MY |
1178 | if (streq(name, "MemoryZSwapWriteback")) |
| 1179 | return bus_cgroup_set_boolean(u, name, &c->memory_zswap_writeback, CGROUP_MASK_MEMORY, message, flags, error); | |
| 1180 | ||
| 60644c3d | 1181 | if (streq(name, "TasksAccounting")) |
| 681ae88e YW |
1182 | return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); |
| 1183 | ||
| 1184 | if (streq(name, "TasksMax")) | |
| 1185 | return bus_cgroup_set_tasks_max(u, name, &c->tasks_max, message, flags, error); | |
| 1186 | ||
| 1187 | if (streq(name, "TasksMaxScale")) | |
| 1188 | return bus_cgroup_set_tasks_max_scale(u, name, &c->tasks_max, message, flags, error); | |
| 1189 | ||
| 1190 | if (streq(name, "CPUQuotaPerSecUSec")) { | |
| b2f8b02e LP |
1191 | uint64_t u64; |
| 1192 | ||
| 1193 | r = sd_bus_message_read(message, "t", &u64); | |
| 1194 | if (r < 0) | |
| 1195 | return r; | |
| 1196 | ||
| 1197 | if (u64 <= 0) | |
| 1b09b81c | 1198 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "CPUQuotaPerSecUSec= value out of range"); |
| b2f8b02e | 1199 | |
| 2e59b241 | 1200 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| b2f8b02e | 1201 | c->cpu_quota_per_sec_usec = u64; |
| 9cc54544 LP |
1202 | CGroupRuntime *crt = unit_get_cgroup_runtime(u); |
| 1203 | if (crt) | |
| 1204 | crt->warned_clamping_cpu_quota_period = false; | |
| e7ab4d1a | 1205 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
| 2e59b241 | 1206 | |
| d4bf82fc | 1207 | if (c->cpu_quota_per_sec_usec == USEC_INFINITY) |
| 2e59b241 | 1208 | unit_write_setting(u, flags, "CPUQuota", "CPUQuota="); |
| d4bf82fc | 1209 | else |
| 2e59b241 | 1210 | unit_write_settingf(u, flags, "CPUQuota", |
| 1a48d854 DDM |
1211 | "CPUQuota=" USEC_FMT ".%02" PRI_USEC "%%", |
| 1212 | c->cpu_quota_per_sec_usec / 10000, | |
| 1213 | (c->cpu_quota_per_sec_usec % 10000) / 100); | |
| b2f8b02e LP |
1214 | } |
| 1215 | ||
| 1216 | return 1; | |
| 1217 | ||
| 10f28641 FB |
1218 | } else if (streq(name, "CPUQuotaPeriodUSec")) { |
| 1219 | uint64_t u64; | |
| 1220 | ||
| 1221 | r = sd_bus_message_read(message, "t", &u64); | |
| 1222 | if (r < 0) | |
| 1223 | return r; | |
| 1224 | ||
| 1225 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1226 | c->cpu_quota_period_usec = u64; | |
| 9cc54544 LP |
1227 | CGroupRuntime *crt = unit_get_cgroup_runtime(u); |
| 1228 | if (crt) | |
| 1229 | crt->warned_clamping_cpu_quota_period = false; | |
| 10f28641 FB |
1230 | unit_invalidate_cgroup(u, CGROUP_MASK_CPU); |
| 1231 | if (c->cpu_quota_period_usec == USEC_INFINITY) | |
| 1232 | unit_write_setting(u, flags, "CPUQuotaPeriodSec", "CPUQuotaPeriodSec="); | |
| 5291f26d | 1233 | else |
| 10f28641 FB |
1234 | unit_write_settingf(u, flags, "CPUQuotaPeriodSec", |
| 1235 | "CPUQuotaPeriodSec=%s", | |
| 5291f26d | 1236 | FORMAT_TIMESPAN(c->cpu_quota_period_usec, 1)); |
| 10f28641 FB |
1237 | } |
| 1238 | ||
| 1239 | return 1; | |
| 1240 | ||
| 31d3a520 | 1241 | } else if (STR_IN_SET(name, "AllowedCPUs", "StartupAllowedCPUs", "AllowedMemoryNodes", "StartupAllowedMemoryNodes")) { |
| 047f5d63 PH |
1242 | const void *a; |
| 1243 | size_t n; | |
| 296fe3d5 | 1244 | _cleanup_(cpu_set_done) CPUSet new_set = {}; |
| 047f5d63 PH |
1245 | |
| 1246 | r = sd_bus_message_read_array(message, 'y', &a, &n); | |
| 1247 | if (r < 0) | |
| 1248 | return r; | |
| 1249 | ||
| 1250 | r = cpu_set_from_dbus(a, n, &new_set); | |
| 1251 | if (r < 0) | |
| 1252 | return r; | |
| 1253 | ||
| 1254 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1255 | _cleanup_free_ char *setstr = NULL; | |
| 31d3a520 | 1256 | CPUSet *set = NULL; |
| 047f5d63 PH |
1257 | |
| 1258 | setstr = cpu_set_to_range_string(&new_set); | |
| a897a7b8 LP |
1259 | if (!setstr) |
| 1260 | return -ENOMEM; | |
| 047f5d63 PH |
1261 | |
| 1262 | if (streq(name, "AllowedCPUs")) | |
| 1263 | set = &c->cpuset_cpus; | |
| 31d3a520 PM |
1264 | else if (streq(name, "StartupAllowedCPUs")) |
| 1265 | set = &c->startup_cpuset_cpus; | |
| 1266 | else if (streq(name, "AllowedMemoryNodes")) | |
| 047f5d63 | 1267 | set = &c->cpuset_mems; |
| 31d3a520 PM |
1268 | else if (streq(name, "StartupAllowedMemoryNodes")) |
| 1269 | set = &c->startup_cpuset_mems; | |
| 296fe3d5 YW |
1270 | else |
| 1271 | assert_not_reached(); | |
| 31d3a520 | 1272 | |
| 296fe3d5 | 1273 | cpu_set_done_and_replace(*set, new_set); |
| a897a7b8 | 1274 | |
| 047f5d63 | 1275 | unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); |
| 1dbccd6d | 1276 | unit_write_settingf(u, flags, name, "%s=\n%s=%s", name, name, setstr); |
| 047f5d63 PH |
1277 | } |
| 1278 | ||
| 1279 | return 1; | |
| 1280 | ||
| 9be57249 | 1281 | } else if ((iol_type = cgroup_io_limit_type_from_string(name)) >= 0) { |
| 13c31542 | 1282 | const char *path; |
| 13c31542 TH |
1283 | unsigned n = 0; |
| 1284 | uint64_t u64; | |
| 1285 | ||
| 13c31542 TH |
1286 | r = sd_bus_message_enter_container(message, 'a', "(st)"); |
| 1287 | if (r < 0) | |
| 1288 | return r; | |
| 1289 | ||
| 1290 | while ((r = sd_bus_message_read(message, "(st)", &path, &u64)) > 0) { | |
| 1291 | ||
| 9d5e9b4a LP |
1292 | if (!path_is_normalized(path)) |
| 1293 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
| d9f7305f | 1294 | |
| 2e59b241 | 1295 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 03677889 | 1296 | CGroupIODeviceLimit *a = NULL; |
| 13c31542 | 1297 | |
| 03677889 | 1298 | LIST_FOREACH(device_limits, b, c->io_device_limits) |
| 13c31542 TH |
1299 | if (path_equal(path, b->path)) { |
| 1300 | a = b; | |
| 1301 | break; | |
| 1302 | } | |
| 13c31542 TH |
1303 | |
| 1304 | if (!a) { | |
| 9be57249 TH |
1305 | CGroupIOLimitType type; |
| 1306 | ||
| 13c31542 TH |
1307 | a = new0(CGroupIODeviceLimit, 1); |
| 1308 | if (!a) | |
| 1309 | return -ENOMEM; | |
| 1310 | ||
| 1311 | a->path = strdup(path); | |
| 1312 | if (!a->path) { | |
| 1313 | free(a); | |
| 1314 | return -ENOMEM; | |
| 1315 | } | |
| 1316 | ||
| 9be57249 TH |
1317 | for (type = 0; type < _CGROUP_IO_LIMIT_TYPE_MAX; type++) |
| 1318 | a->limits[type] = cgroup_io_limit_defaults[type]; | |
| 13c31542 | 1319 | |
| 0fa0dfa0 | 1320 | LIST_APPEND(device_limits, c->io_device_limits, a); |
| 13c31542 TH |
1321 | } |
| 1322 | ||
| 9be57249 | 1323 | a->limits[iol_type] = u64; |
| 13c31542 TH |
1324 | } |
| 1325 | ||
| 1326 | n++; | |
| 1327 | } | |
| 1328 | if (r < 0) | |
| 1329 | return r; | |
| 1330 | ||
| 1331 | r = sd_bus_message_exit_container(message); | |
| 1332 | if (r < 0) | |
| 1333 | return r; | |
| 1334 | ||
| 2e59b241 | 1335 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 2485b7e2 | 1336 | _cleanup_(memstream_done) MemStream m = {}; |
| 13c31542 | 1337 | _cleanup_free_ char *buf = NULL; |
| 2485b7e2 | 1338 | FILE *f; |
| 13c31542 | 1339 | |
| 03677889 | 1340 | if (n == 0) |
| 13c31542 | 1341 | LIST_FOREACH(device_limits, a, c->io_device_limits) |
| 9be57249 | 1342 | a->limits[iol_type] = cgroup_io_limit_defaults[iol_type]; |
| 13c31542 TH |
1343 | |
| 1344 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
| 1345 | ||
| 2485b7e2 | 1346 | f = memstream_init(&m); |
| 13c31542 TH |
1347 | if (!f) |
| 1348 | return -ENOMEM; | |
| 1349 | ||
| 9be57249 TH |
1350 | fprintf(f, "%s=\n", name); |
| 1351 | LIST_FOREACH(device_limits, a, c->io_device_limits) | |
| 03677889 YW |
1352 | if (a->limits[iol_type] != cgroup_io_limit_defaults[iol_type]) |
| 1353 | fprintf(f, "%s=%s %" PRIu64 "\n", name, a->path, a->limits[iol_type]); | |
| 13c31542 | 1354 | |
| 2485b7e2 | 1355 | r = memstream_finalize(&m, &buf, NULL); |
| 13c31542 TH |
1356 | if (r < 0) |
| 1357 | return r; | |
| 2485b7e2 | 1358 | |
| 2e59b241 | 1359 | unit_write_setting(u, flags, name, buf); |
| 13c31542 TH |
1360 | } |
| 1361 | ||
| 1362 | return 1; | |
| 1363 | ||
| 1364 | } else if (streq(name, "IODeviceWeight")) { | |
| 1365 | const char *path; | |
| 1366 | uint64_t weight; | |
| 1367 | unsigned n = 0; | |
| 1368 | ||
| 1369 | r = sd_bus_message_enter_container(message, 'a', "(st)"); | |
| 1370 | if (r < 0) | |
| 1371 | return r; | |
| 1372 | ||
| 1373 | while ((r = sd_bus_message_read(message, "(st)", &path, &weight)) > 0) { | |
| 1374 | ||
| 9d5e9b4a LP |
1375 | if (!path_is_normalized(path)) |
| 1376 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
| d9f7305f | 1377 | |
| 13c31542 | 1378 | if (!CGROUP_WEIGHT_IS_OK(weight) || weight == CGROUP_WEIGHT_INVALID) |
| 1b09b81c | 1379 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "IODeviceWeight= value out of range"); |
| 13c31542 | 1380 | |
| 2e59b241 | 1381 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 03677889 | 1382 | CGroupIODeviceWeight *a = NULL; |
| 13c31542 | 1383 | |
| 03677889 | 1384 | LIST_FOREACH(device_weights, b, c->io_device_weights) |
| 13c31542 TH |
1385 | if (path_equal(b->path, path)) { |
| 1386 | a = b; | |
| 1387 | break; | |
| 1388 | } | |
| 13c31542 TH |
1389 | |
| 1390 | if (!a) { | |
| 1391 | a = new0(CGroupIODeviceWeight, 1); | |
| 1392 | if (!a) | |
| 1393 | return -ENOMEM; | |
| 1394 | ||
| 1395 | a->path = strdup(path); | |
| 1396 | if (!a->path) { | |
| 1397 | free(a); | |
| 1398 | return -ENOMEM; | |
| 1399 | } | |
| 0fa0dfa0 | 1400 | LIST_APPEND(device_weights, c->io_device_weights, a); |
| 13c31542 TH |
1401 | } |
| 1402 | ||
| 1403 | a->weight = weight; | |
| 1404 | } | |
| 1405 | ||
| 1406 | n++; | |
| 1407 | } | |
| 1408 | ||
| 1409 | r = sd_bus_message_exit_container(message); | |
| 1410 | if (r < 0) | |
| 1411 | return r; | |
| 1412 | ||
| 2e59b241 | 1413 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 2485b7e2 | 1414 | _cleanup_(memstream_done) MemStream m = {}; |
| 13c31542 | 1415 | _cleanup_free_ char *buf = NULL; |
| 2485b7e2 | 1416 | FILE *f; |
| 13c31542 | 1417 | |
| 03677889 | 1418 | if (n == 0) |
| 13c31542 TH |
1419 | while (c->io_device_weights) |
| 1420 | cgroup_context_free_io_device_weight(c, c->io_device_weights); | |
| 13c31542 TH |
1421 | |
| 1422 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
| 1423 | ||
| 2485b7e2 | 1424 | f = memstream_init(&m); |
| 13c31542 TH |
1425 | if (!f) |
| 1426 | return -ENOMEM; | |
| 1427 | ||
| 0d536673 | 1428 | fputs("IODeviceWeight=\n", f); |
| 13c31542 TH |
1429 | LIST_FOREACH(device_weights, a, c->io_device_weights) |
| 1430 | fprintf(f, "IODeviceWeight=%s %" PRIu64 "\n", a->path, a->weight); | |
| 1431 | ||
| 2485b7e2 | 1432 | r = memstream_finalize(&m, &buf, NULL); |
| 13c31542 TH |
1433 | if (r < 0) |
| 1434 | return r; | |
| 2485b7e2 | 1435 | |
| 2e59b241 | 1436 | unit_write_setting(u, flags, name, buf); |
| 6ae4283c TH |
1437 | } |
| 1438 | ||
| 1439 | return 1; | |
| 1440 | ||
| 1441 | } else if (streq(name, "IODeviceLatencyTargetUSec")) { | |
| 1442 | const char *path; | |
| 1443 | uint64_t target; | |
| 1444 | unsigned n = 0; | |
| 1445 | ||
| 1446 | r = sd_bus_message_enter_container(message, 'a', "(st)"); | |
| 1447 | if (r < 0) | |
| 1448 | return r; | |
| 1449 | ||
| 1450 | while ((r = sd_bus_message_read(message, "(st)", &path, &target)) > 0) { | |
| 1451 | ||
| 1452 | if (!path_is_normalized(path)) | |
| 1453 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Path '%s' specified in %s= is not normalized.", name, path); | |
| 1454 | ||
| 1455 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 03677889 | 1456 | CGroupIODeviceLatency *a = NULL; |
| 6ae4283c | 1457 | |
| 03677889 | 1458 | LIST_FOREACH(device_latencies, b, c->io_device_latencies) |
| 6ae4283c TH |
1459 | if (path_equal(b->path, path)) { |
| 1460 | a = b; | |
| 1461 | break; | |
| 1462 | } | |
| 6ae4283c TH |
1463 | |
| 1464 | if (!a) { | |
| 1465 | a = new0(CGroupIODeviceLatency, 1); | |
| 1466 | if (!a) | |
| 1467 | return -ENOMEM; | |
| 1468 | ||
| 1469 | a->path = strdup(path); | |
| 1470 | if (!a->path) { | |
| 1471 | free(a); | |
| 1472 | return -ENOMEM; | |
| 1473 | } | |
| 0fa0dfa0 | 1474 | LIST_APPEND(device_latencies, c->io_device_latencies, a); |
| 6ae4283c TH |
1475 | } |
| 1476 | ||
| 1477 | a->target_usec = target; | |
| 1478 | } | |
| 1479 | ||
| 1480 | n++; | |
| 1481 | } | |
| 1482 | ||
| 1483 | r = sd_bus_message_exit_container(message); | |
| 1484 | if (r < 0) | |
| 1485 | return r; | |
| 1486 | ||
| 1487 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 2485b7e2 | 1488 | _cleanup_(memstream_done) MemStream m = {}; |
| 6ae4283c | 1489 | _cleanup_free_ char *buf = NULL; |
| 2485b7e2 | 1490 | FILE *f; |
| 6ae4283c | 1491 | |
| 03677889 | 1492 | if (n == 0) |
| 6ae4283c TH |
1493 | while (c->io_device_latencies) |
| 1494 | cgroup_context_free_io_device_latency(c, c->io_device_latencies); | |
| 6ae4283c TH |
1495 | |
| 1496 | unit_invalidate_cgroup(u, CGROUP_MASK_IO); | |
| 1497 | ||
| 2485b7e2 | 1498 | f = memstream_init(&m); |
| 6ae4283c TH |
1499 | if (!f) |
| 1500 | return -ENOMEM; | |
| 1501 | ||
| 6ae4283c TH |
1502 | fputs("IODeviceLatencyTargetSec=\n", f); |
| 1503 | LIST_FOREACH(device_latencies, a, c->io_device_latencies) | |
| 1504 | fprintf(f, "IODeviceLatencyTargetSec=%s %s\n", | |
| 5291f26d | 1505 | a->path, FORMAT_TIMESPAN(a->target_usec, 1)); |
| 6ae4283c | 1506 | |
| 2485b7e2 | 1507 | r = memstream_finalize(&m, &buf, NULL); |
| 6ae4283c TH |
1508 | if (r < 0) |
| 1509 | return r; | |
| 2485b7e2 | 1510 | |
| 6ae4283c | 1511 | unit_write_setting(u, flags, name, buf); |
| 13c31542 TH |
1512 | } |
| 1513 | ||
| 1514 | return 1; | |
| 1515 | ||
| 7041efe9 LP |
1516 | } else if (streq(name, "DevicePolicy")) { |
| 1517 | const char *policy; | |
| 1518 | CGroupDevicePolicy p; | |
| 1519 | ||
| 718db961 LP |
1520 | r = sd_bus_message_read(message, "s", &policy); |
| 1521 | if (r < 0) | |
| 1522 | return r; | |
| 7041efe9 | 1523 | |
| 7041efe9 LP |
1524 | p = cgroup_device_policy_from_string(policy); |
| 1525 | if (p < 0) | |
| 7211c853 | 1526 | return p; |
| 7041efe9 | 1527 | |
| 2e59b241 | 1528 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 7041efe9 | 1529 | c->device_policy = p; |
| e7ab4d1a | 1530 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
| 2e59b241 | 1531 | unit_write_settingf(u, flags, name, "DevicePolicy=%s", policy); |
| 7041efe9 LP |
1532 | } |
| 1533 | ||
| 1534 | return 1; | |
| 1535 | ||
| 1536 | } else if (streq(name, "DeviceAllow")) { | |
| 718db961 | 1537 | const char *path, *rwm; |
| 7041efe9 LP |
1538 | unsigned n = 0; |
| 1539 | ||
| 718db961 LP |
1540 | r = sd_bus_message_enter_container(message, 'a', "(ss)"); |
| 1541 | if (r < 0) | |
| 1542 | return r; | |
| 7041efe9 | 1543 | |
| 718db961 | 1544 | while ((r = sd_bus_message_read(message, "(ss)", &path, &rwm)) > 0) { |
| a1044811 | 1545 | CGroupDevicePermissions p; |
| 7041efe9 | 1546 | |
| 57e84e75 | 1547 | if (!valid_device_allow_pattern(path) || strpbrk(path, WHITESPACE)) |
| 1b09b81c | 1548 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires device node or pattern"); |
| 7041efe9 LP |
1549 | |
| 1550 | if (isempty(rwm)) | |
| a1044811 LP |
1551 | p = _CGROUP_DEVICE_PERMISSIONS_ALL; |
| 1552 | else { | |
| 1553 | p = cgroup_device_permissions_from_string(rwm); | |
| 1554 | if (p < 0) | |
| 1555 | return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "DeviceAllow= requires combination of rwm flags"); | |
| 1556 | } | |
| 7041efe9 | 1557 | |
| 2e59b241 | 1558 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| a1044811 | 1559 | r = cgroup_context_add_or_update_device_allow(c, path, p); |
| c3166b25 LB |
1560 | if (r < 0) |
| 1561 | return r; | |
| 7041efe9 LP |
1562 | } |
| 1563 | ||
| c2756a68 | 1564 | n++; |
| 7041efe9 | 1565 | } |
| 43a99a7a LP |
1566 | if (r < 0) |
| 1567 | return r; | |
| 7041efe9 | 1568 | |
| 9c96019d LP |
1569 | r = sd_bus_message_exit_container(message); |
| 1570 | if (r < 0) | |
| 1571 | return r; | |
| 1572 | ||
| 2e59b241 | 1573 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 2485b7e2 | 1574 | _cleanup_(memstream_done) MemStream m = {}; |
| 7041efe9 | 1575 | _cleanup_free_ char *buf = NULL; |
| 2485b7e2 | 1576 | FILE *f; |
| 7041efe9 | 1577 | |
| 03677889 | 1578 | if (n == 0) |
| 7041efe9 LP |
1579 | while (c->device_allow) |
| 1580 | cgroup_context_free_device_allow(c, c->device_allow); | |
| 7041efe9 | 1581 | |
| e7ab4d1a | 1582 | unit_invalidate_cgroup(u, CGROUP_MASK_DEVICES); |
| 3051f187 | 1583 | |
| 2485b7e2 | 1584 | f = memstream_init(&m); |
| 7041efe9 LP |
1585 | if (!f) |
| 1586 | return -ENOMEM; | |
| 1587 | ||
| 0d536673 | 1588 | fputs("DeviceAllow=\n", f); |
| 7041efe9 | 1589 | LIST_FOREACH(device_allow, a, c->device_allow) |
| a1044811 | 1590 | fprintf(f, "DeviceAllow=%s %s\n", a->path, cgroup_device_permissions_to_string(a->permissions)); |
| 7041efe9 | 1591 | |
| 2485b7e2 | 1592 | r = memstream_finalize(&m, &buf, NULL); |
| 1f2f874c NC |
1593 | if (r < 0) |
| 1594 | return r; | |
| 2485b7e2 | 1595 | |
| 2e59b241 | 1596 | unit_write_setting(u, flags, name, buf); |
| 7041efe9 LP |
1597 | } |
| 1598 | ||
| b42defe3 | 1599 | return 1; |
| a931ad47 | 1600 | |
| 3dc5ca97 LP |
1601 | } else if (streq(name, "IPAccounting")) { |
| 1602 | int b; | |
| 1603 | ||
| 1604 | r = sd_bus_message_read(message, "b", &b); | |
| 1605 | if (r < 0) | |
| 1606 | return r; | |
| 1607 | ||
| 2e59b241 | 1608 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 3dc5ca97 LP |
1609 | c->ip_accounting = b; |
| 1610 | ||
| 1611 | unit_invalidate_cgroup_bpf(u); | |
| 2e59b241 | 1612 | unit_write_settingf(u, flags, name, "IPAccounting=%s", yes_no(b)); |
| 3dc5ca97 LP |
1613 | } |
| 1614 | ||
| 1615 | return 1; | |
| 1616 | ||
| 1617 | } else if (STR_IN_SET(name, "IPAddressAllow", "IPAddressDeny")) { | |
| 84ebe6f0 | 1618 | _cleanup_set_free_ Set *new_prefixes = NULL; |
| 3dc5ca97 LP |
1619 | size_t n = 0; |
| 1620 | ||
| 3dc5ca97 LP |
1621 | r = sd_bus_message_enter_container(message, 'a', "(iayu)"); |
| 1622 | if (r < 0) | |
| 1623 | return r; | |
| 1624 | ||
| 1625 | for (;;) { | |
| 3dc5ca97 LP |
1626 | r = sd_bus_message_enter_container(message, 'r', "iayu"); |
| 1627 | if (r < 0) | |
| 1628 | return r; | |
| 1629 | if (r == 0) | |
| 1630 | break; | |
| 1631 | ||
| 26474945 YW |
1632 | struct in_addr_prefix prefix; |
| 1633 | r = bus_message_read_in_addr_auto(message, error, &prefix.family, &prefix.address); | |
| 3dc5ca97 LP |
1634 | if (r < 0) |
| 1635 | return r; | |
| 1636 | ||
| 26474945 | 1637 | uint32_t prefixlen; |
| 3dc5ca97 LP |
1638 | r = sd_bus_message_read(message, "u", &prefixlen); |
| 1639 | if (r < 0) | |
| 1640 | return r; | |
| 1641 | ||
| 26474945 YW |
1642 | if (prefixlen > FAMILY_ADDRESS_SIZE(prefix.family)*8) |
| 1643 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, | |
| 1644 | "Prefix length %" PRIu32 " too large for address family %s.", | |
| 1645 | prefixlen, af_to_name(prefix.family)); | |
| 3dc5ca97 | 1646 | |
| 2e59b241 | 1647 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 26474945 | 1648 | prefix.prefixlen = (uint8_t) prefixlen; |
| 3dc5ca97 | 1649 | |
| 84ebe6f0 YW |
1650 | r = in_addr_prefix_add(&new_prefixes, &prefix); |
| 1651 | if (r < 0) | |
| 1652 | return r; | |
| 3dc5ca97 LP |
1653 | } |
| 1654 | ||
| 1655 | r = sd_bus_message_exit_container(message); | |
| 1656 | if (r < 0) | |
| 1657 | return r; | |
| 1658 | ||
| 1659 | n++; | |
| 1660 | } | |
| 1661 | ||
| 1662 | r = sd_bus_message_exit_container(message); | |
| 1663 | if (r < 0) | |
| 1664 | return r; | |
| 1665 | ||
| 2e59b241 | 1666 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| 2485b7e2 | 1667 | _cleanup_(memstream_done) MemStream m = {}; |
| 3dc5ca97 | 1668 | _cleanup_free_ char *buf = NULL; |
| 84ebe6f0 YW |
1669 | Set **prefixes; |
| 1670 | bool *reduced; | |
| 2485b7e2 | 1671 | FILE *f; |
| 3dc5ca97 LP |
1672 | |
| 1673 | unit_invalidate_cgroup_bpf(u); | |
| 2485b7e2 YW |
1674 | |
| 1675 | f = memstream_init(&m); | |
| 3dc5ca97 LP |
1676 | if (!f) |
| 1677 | return -ENOMEM; | |
| 1678 | ||
| 84ebe6f0 YW |
1679 | prefixes = streq(name, "IPAddressAllow") ? &c->ip_address_allow : &c->ip_address_deny; |
| 1680 | reduced = streq(name, "IPAddressAllow") ? &c->ip_address_allow_reduced : &c->ip_address_deny_reduced; | |
| 3dc5ca97 | 1681 | |
| 77bbd9f1 YW |
1682 | fputs(name, f); |
| 1683 | fputs("=\n", f); | |
| 1684 | ||
| 84ebe6f0 YW |
1685 | if (n == 0) { |
| 1686 | *reduced = true; | |
| 1687 | *prefixes = set_free(*prefixes); | |
| 84ebe6f0 | 1688 | } else { |
| 84ebe6f0 | 1689 | *reduced = false; |
| 3dc5ca97 | 1690 | |
| 84ebe6f0 YW |
1691 | r = in_addr_prefixes_merge(prefixes, new_prefixes); |
| 1692 | if (r < 0) | |
| 1693 | return r; | |
| 1694 | ||
| c71384a9 | 1695 | const struct in_addr_prefix *p; |
| 77bbd9f1 | 1696 | SET_FOREACH(p, *prefixes) |
| c71384a9 ZJS |
1697 | fprintf(f, "%s=%s\n", name, |
| 1698 | IN_ADDR_PREFIX_TO_STRING(p->family, &p->address, p->prefixlen)); | |
| 3dc5ca97 LP |
1699 | } |
| 1700 | ||
| 2485b7e2 | 1701 | r = memstream_finalize(&m, &buf, NULL); |
| 3dc5ca97 LP |
1702 | if (r < 0) |
| 1703 | return r; | |
| 2e59b241 LP |
1704 | |
| 1705 | unit_write_setting(u, flags, name, buf); | |
| 3dc5ca97 LP |
1706 | } |
| 1707 | ||
| 03a7b521 | 1708 | return 1; |
| a931ad47 LP |
1709 | } |
| 1710 | ||
| 4d824a4e AZ |
1711 | if (STR_IN_SET(name, "ManagedOOMSwap", "ManagedOOMMemoryPressure")) { |
| 1712 | ManagedOOMMode *cgroup_mode = streq(name, "ManagedOOMSwap") ? &c->moom_swap : &c->moom_mem_pressure; | |
| 1713 | ManagedOOMMode m; | |
| 1714 | const char *mode; | |
| 1715 | ||
| 1716 | if (!UNIT_VTABLE(u)->can_set_managed_oom) | |
| 1717 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); | |
| 1718 | ||
| 1719 | r = sd_bus_message_read(message, "s", &mode); | |
| 1720 | if (r < 0) | |
| 1721 | return r; | |
| 1722 | ||
| 1723 | m = managed_oom_mode_from_string(mode); | |
| 1724 | if (m < 0) | |
| 1725 | return -EINVAL; | |
| 1726 | ||
| 1727 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1728 | *cgroup_mode = m; | |
| 1729 | unit_write_settingf(u, flags, name, "%s=%s", name, mode); | |
| 1730 | } | |
| 1731 | ||
| e30bbc90 | 1732 | (void) manager_varlink_send_managed_oom_update(u); |
| 4d824a4e AZ |
1733 | return 1; |
| 1734 | } | |
| 1735 | ||
| d9d3f05d | 1736 | if (streq(name, "ManagedOOMMemoryPressureLimit")) { |
| 0a9f9344 AZ |
1737 | uint32_t v; |
| 1738 | ||
| 4d824a4e AZ |
1739 | if (!UNIT_VTABLE(u)->can_set_managed_oom) |
| 1740 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); | |
| 1741 | ||
| 0a9f9344 | 1742 | r = sd_bus_message_read(message, "u", &v); |
| e30bbc90 AZ |
1743 | if (r < 0) |
| 1744 | return r; | |
| 1745 | ||
| 0a9f9344 | 1746 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { |
| d9d3f05d LP |
1747 | c->moom_mem_pressure_limit = v; |
| 1748 | unit_write_settingf(u, flags, name, | |
| 1749 | "ManagedOOMMemoryPressureLimit=" PERMYRIAD_AS_PERCENT_FORMAT_STR, | |
| 1750 | PERMYRIAD_AS_PERCENT_FORMAT_VAL(UINT32_SCALE_TO_PERMYRIAD(v))); | |
| 0a9f9344 AZ |
1751 | } |
| 1752 | ||
| e30bbc90 AZ |
1753 | if (c->moom_mem_pressure == MANAGED_OOM_KILL) |
| 1754 | (void) manager_varlink_send_managed_oom_update(u); | |
| 1755 | ||
| 1756 | return 1; | |
| 4d824a4e AZ |
1757 | } |
| 1758 | ||
| 63d4c427 RW |
1759 | if (streq(name, "ManagedOOMMemoryPressureDurationUSec")) { |
| 1760 | uint64_t t; | |
| 1761 | ||
| 1762 | if (!UNIT_VTABLE(u)->can_set_managed_oom) | |
| 1763 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Cannot set %s for this unit type", name); | |
| 1764 | ||
| 1765 | r = sd_bus_message_read(message, "t", &t); | |
| 1766 | if (r < 0) | |
| 1767 | return r; | |
| 1768 | ||
| 1769 | if (t < 1 * USEC_PER_SEC) | |
| 1770 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= must be at least 1s, got %s", name, | |
| 1771 | FORMAT_TIMESPAN(t, USEC_PER_SEC)); | |
| 1772 | ||
| 1773 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1774 | c->memory_pressure_threshold_usec = t; | |
| 1775 | if (c->memory_pressure_threshold_usec == USEC_INFINITY) | |
| 1776 | unit_write_setting(u, flags, name, "ManagedOOMMemoryPressureDurationSec="); | |
| 1777 | else | |
| 1778 | unit_write_settingf(u, flags, name, | |
| 1779 | "ManagedOOMMemoryPressureDurationSec=%s", | |
| 1780 | FORMAT_TIMESPAN(c->memory_pressure_threshold_usec, 1)); | |
| 1781 | } | |
| 1782 | ||
| 1783 | if (c->moom_mem_pressure == MANAGED_OOM_KILL) | |
| 1784 | (void) manager_varlink_send_managed_oom_update(u); | |
| 1785 | ||
| 1786 | return 1; | |
| 1787 | } | |
| 1788 | ||
| 4e806bfa AZ |
1789 | if (streq(name, "ManagedOOMPreference")) { |
| 1790 | ManagedOOMPreference p; | |
| 1791 | const char *pref; | |
| 1792 | ||
| 1793 | r = sd_bus_message_read(message, "s", &pref); | |
| 1794 | if (r < 0) | |
| 1795 | return r; | |
| 1796 | ||
| 1797 | p = managed_oom_preference_from_string(pref); | |
| 1798 | if (p < 0) | |
| 925484aa | 1799 | return p; |
| 4e806bfa AZ |
1800 | |
| 1801 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1802 | c->moom_preference = p; | |
| 1803 | unit_write_settingf(u, flags, name, "ManagedOOMPreference=%s", pref); | |
| 1804 | } | |
| 1805 | ||
| 1806 | return 1; | |
| 1807 | } | |
| dcf4781c JK |
1808 | if (STR_IN_SET(name, "SocketBindAllow", "SocketBindDeny")) { |
| 1809 | CGroupSocketBindItem **list; | |
| 1810 | uint16_t nr_ports, port_min; | |
| 1811 | size_t n = 0; | |
| 4883a04f | 1812 | int32_t family, ip_protocol; |
| dcf4781c JK |
1813 | |
| 1814 | list = streq(name, "SocketBindAllow") ? &c->socket_bind_allow : &c->socket_bind_deny; | |
| 1815 | ||
| 4883a04f | 1816 | r = sd_bus_message_enter_container(message, 'a', "(iiqq)"); |
| dcf4781c JK |
1817 | if (r < 0) |
| 1818 | return r; | |
| 1819 | ||
| 4883a04f | 1820 | while ((r = sd_bus_message_read(message, "(iiqq)", &family, &ip_protocol, &nr_ports, &port_min)) > 0) { |
| dcf4781c JK |
1821 | |
| 1822 | if (!IN_SET(family, AF_UNSPEC, AF_INET, AF_INET6)) | |
| 1823 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects INET or INET6 family, if specified.", name); | |
| 1824 | ||
| 60477eb9 JK |
1825 | if (!IN_SET(ip_protocol, 0, IPPROTO_TCP, IPPROTO_UDP)) |
| 1826 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects TCP or UDP protocol, if specified.", name); | |
| 4883a04f | 1827 | |
| dcf4781c JK |
1828 | if (port_min + (uint32_t) nr_ports > (1 << 16)) |
| 1829 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects maximum port value lesser than 65536.", name); | |
| 1830 | ||
| 1831 | if (port_min == 0 && nr_ports != 0) | |
| 1832 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "%s= expects port range starting with positive value.", name); | |
| 1833 | ||
| 1834 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1835 | _cleanup_free_ CGroupSocketBindItem *item = NULL; | |
| 1836 | ||
| 1837 | item = new(CGroupSocketBindItem, 1); | |
| 1838 | if (!item) | |
| 1839 | return log_oom(); | |
| 1840 | ||
| 1841 | *item = (CGroupSocketBindItem) { | |
| 1842 | .address_family = family, | |
| 4883a04f | 1843 | .ip_protocol = ip_protocol, |
| dcf4781c JK |
1844 | .nr_ports = nr_ports, |
| 1845 | .port_min = port_min | |
| 1846 | }; | |
| 1847 | ||
| 1848 | LIST_PREPEND(socket_bind_items, *list, TAKE_PTR(item)); | |
| 1849 | } | |
| 1850 | n++; | |
| 1851 | } | |
| 1852 | if (r < 0) | |
| 1853 | return r; | |
| 1854 | ||
| 1855 | r = sd_bus_message_exit_container(message); | |
| 1856 | if (r < 0) | |
| 1857 | return r; | |
| 1858 | ||
| 1859 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 2485b7e2 | 1860 | _cleanup_(memstream_done) MemStream m = {}; |
| dcf4781c | 1861 | _cleanup_free_ char *buf = NULL; |
| 2485b7e2 | 1862 | FILE *f; |
| dcf4781c JK |
1863 | |
| 1864 | if (n == 0) | |
| 1865 | cgroup_context_remove_socket_bind(list); | |
| 1866 | else { | |
| 1867 | if ((u->manager->cgroup_supported & CGROUP_MASK_BPF_SOCKET_BIND) == 0) | |
| 1868 | log_full(LOG_DEBUG, | |
| 1869 | "Unit %s configures source compiled BPF programs " | |
| 1870 | "but the local system does not support that.\n" | |
| 1871 | "Starting this unit will fail!", u->id); | |
| 1872 | } | |
| 1873 | ||
| 2485b7e2 | 1874 | f = memstream_init(&m); |
| dcf4781c JK |
1875 | if (!f) |
| 1876 | return -ENOMEM; | |
| 1877 | ||
| cc4d38b1 YW |
1878 | if (n == 0) |
| 1879 | fprintf(f, "%s=\n", name); | |
| 1880 | else | |
| 1881 | LIST_FOREACH(socket_bind_items, item, *list) { | |
| 1882 | fprintf(f, "%s=", name); | |
| 1883 | cgroup_context_dump_socket_bind_item(item, f); | |
| 1884 | fputc('\n', f); | |
| 1885 | } | |
| dcf4781c | 1886 | |
| 2485b7e2 | 1887 | r = memstream_finalize(&m, &buf, NULL); |
| dcf4781c JK |
1888 | if (r < 0) |
| 1889 | return r; | |
| 1890 | ||
| 1891 | unit_write_setting(u, flags, name, buf); | |
| 1892 | } | |
| 1893 | ||
| 1894 | return 1; | |
| 1895 | } | |
| a59cb62c MV |
1896 | if (streq(name, "RestrictNetworkInterfaces")) { |
| 1897 | int is_allow_list; | |
| 1898 | _cleanup_strv_free_ char **l = NULL; | |
| 1899 | ||
| 1900 | r = sd_bus_message_enter_container(message, 'r', "bas"); | |
| 1901 | if (r < 0) | |
| 1902 | return r; | |
| 1903 | ||
| 1904 | r = sd_bus_message_read(message, "b", &is_allow_list); | |
| 1905 | if (r < 0) | |
| 1906 | return r; | |
| 1907 | ||
| 1908 | r = sd_bus_message_read_strv(message, &l); | |
| 1909 | if (r < 0) | |
| 1910 | return r; | |
| 1911 | ||
| 1912 | r = sd_bus_message_exit_container(message); | |
| 1913 | if (r < 0) | |
| 1914 | return r; | |
| 1915 | ||
| 1916 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1917 | _cleanup_free_ char *joined = NULL; | |
| a59cb62c MV |
1918 | |
| 1919 | if (strv_isempty(l)) { | |
| 1920 | c->restrict_network_interfaces_is_allow_list = false; | |
| c4c4ea2f | 1921 | c->restrict_network_interfaces = set_free(c->restrict_network_interfaces); |
| a59cb62c MV |
1922 | |
| 1923 | unit_write_settingf(u, flags, name, "%s=", name); | |
| 1924 | return 1; | |
| 1925 | } | |
| 1926 | ||
| 1927 | if (set_isempty(c->restrict_network_interfaces)) | |
| 1928 | c->restrict_network_interfaces_is_allow_list = is_allow_list; | |
| 1929 | ||
| 1930 | STRV_FOREACH(s, l) { | |
| 4e0db87e | 1931 | if (!ifname_valid_full(*s, IFNAME_VALID_ALTERNATIVE)) { |
| a59cb62c MV |
1932 | log_full(LOG_WARNING, "Invalid interface name, ignoring: %s", *s); |
| 1933 | continue; | |
| 1934 | } | |
| 1935 | if (c->restrict_network_interfaces_is_allow_list != (bool) is_allow_list) | |
| 1936 | free(set_remove(c->restrict_network_interfaces, *s)); | |
| 1937 | else { | |
| 1938 | r = set_put_strdup(&c->restrict_network_interfaces, *s); | |
| 1939 | if (r < 0) | |
| 1940 | return log_oom(); | |
| 1941 | } | |
| 1942 | } | |
| 1943 | ||
| 1944 | joined = strv_join(l, " "); | |
| 1945 | if (!joined) | |
| 1946 | return -ENOMEM; | |
| 1947 | ||
| 1948 | unit_write_settingf(u, flags, name, "%s=%s%s", name, is_allow_list ? "" : "~", joined); | |
| 1949 | } | |
| 1950 | ||
| 1951 | return 1; | |
| 1952 | } | |
| 4e806bfa | 1953 | |
| dc7d69b3 TM |
1954 | if (streq(name, "NFTSet")) { |
| 1955 | int source, nfproto; | |
| 1956 | const char *table, *set; | |
| 1957 | bool empty = true; | |
| 1958 | ||
| 1959 | r = sd_bus_message_enter_container(message, 'a', "(iiss)"); | |
| 1960 | if (r < 0) | |
| 1961 | return r; | |
| 1962 | ||
| 1963 | while ((r = sd_bus_message_read(message, "(iiss)", &source, &nfproto, &table, &set)) > 0) { | |
| 1964 | const char *source_name, *nfproto_name; | |
| 1965 | ||
| 3bb48b19 | 1966 | if (!IN_SET(source, NFT_SET_SOURCE_CGROUP, NFT_SET_SOURCE_USER, NFT_SET_SOURCE_GROUP)) |
| dc7d69b3 TM |
1967 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid source %d.", source); |
| 1968 | ||
| 1969 | source_name = nft_set_source_to_string(source); | |
| 1970 | assert(source_name); | |
| 1971 | ||
| 1972 | nfproto_name = nfproto_to_string(nfproto); | |
| 1973 | if (!nfproto_name) | |
| 1974 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid protocol %d.", nfproto); | |
| 1975 | ||
| 1976 | if (!nft_identifier_valid(table)) { | |
| 1977 | _cleanup_free_ char *esc = NULL; | |
| 1978 | ||
| 1979 | esc = cescape(table); | |
| 1980 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid NFT table name %s.", strna(esc)); | |
| 1981 | } | |
| 1982 | ||
| 1983 | if (!nft_identifier_valid(set)) { | |
| 1984 | _cleanup_free_ char *esc = NULL; | |
| 1985 | ||
| 1986 | esc = cescape(set); | |
| 1987 | return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid NFT set name %s.", strna(esc)); | |
| 1988 | } | |
| 1989 | ||
| 1990 | if (!UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 1991 | r = nft_set_add(&c->nft_set_context, source, nfproto, table, set); | |
| 1992 | if (r < 0) | |
| 1993 | return r; | |
| 1994 | ||
| 1995 | unit_write_settingf( | |
| 1996 | u, flags|UNIT_ESCAPE_SPECIFIERS, name, | |
| 1997 | "%s=%s:%s:%s:%s", | |
| 1998 | name, | |
| 1999 | source_name, | |
| 2000 | nfproto_name, | |
| 2001 | table, | |
| 2002 | set); | |
| 2003 | } | |
| 2004 | ||
| 2005 | empty = false; | |
| 2006 | } | |
| 2007 | if (r < 0) | |
| 2008 | return r; | |
| 2009 | ||
| 2010 | r = sd_bus_message_exit_container(message); | |
| 2011 | if (r < 0) | |
| 2012 | return r; | |
| 2013 | ||
| 2014 | if (empty && !UNIT_WRITE_FLAGS_NOOP(flags)) { | |
| 2015 | nft_set_context_clear(&c->nft_set_context); | |
| 2016 | unit_write_settingf(u, flags, name, "%s=", name); | |
| 2017 | } | |
| 2018 | ||
| 2019 | return 1; | |
| 2020 | } | |
| 2021 | ||
| db6986e0 YW |
2022 | /* deprecated CGroup v1 properties */ |
| 2023 | if (STR_IN_SET(name, | |
| 2024 | "MemoryLimit", | |
| 2025 | "MemoryLimitScale", | |
| 2026 | "CPUShares", | |
| 2027 | "StartupCPUShares", | |
| 2028 | "BlockIOAccounting", | |
| 2029 | "BlockIOWeight", | |
| 2030 | "StartupBlockIOWeight", | |
| 2031 | "BlockIODeviceWeight", | |
| 2032 | "BlockIOReadBandwidth", | |
| 29da53dd MY |
2033 | "BlockIOWriteBandwidth", |
| 2034 | "CPUAccounting")) { /* see comment in bus_cgroup_vtable */ | |
| db6986e0 YW |
2035 | |
| 2036 | r = sd_bus_message_skip(message, NULL); | |
| 2037 | if (r < 0) | |
| 2038 | return r; | |
| 2039 | ||
| 2040 | return 1; | |
| 2041 | } | |
| 2042 | ||
| dc7d69b3 | 2043 | /* must be last */ |
| 25cc30c4 | 2044 | if (streq(name, "DisableControllers") || (u->transient && u->load_state == UNIT_STUB)) |
| 13ec20d4 | 2045 | return bus_cgroup_set_transient_property(u, c, name, message, flags, error); |
| 8e2af478 LP |
2046 | |
| 2047 | return 0; | |
| 2048 | } |